Vulnerability Description
The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Dogtag Certificate System | 1.0 |
| Red Hat | Certificate System | 7.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/33693 (Vendor Advisory)
- http://www.securityfocus.com/bid/33508
- http://www.vupen.com/english/advisories/2009/0145
- https://bugzilla.redhat.com/show_bug.cgi?id=475998
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48331
- https://rhn.redhat.com/errata/RHSA-2009-0007.html (Vendor Advisory)
FAQ
What is CVE-2008-5082?
CVE-2008-5082 is a vulnerability with a CVSS score of 6.0 (MEDIUM). The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enro...
How severe is CVE-2008-5082?
CVE-2008-5082 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-5082?
Check the references section above for vendor advisories and patch information. Affected products include: Red Hat Dogtag Certificate System, Red Hat Certificate System.