CVE-2017-7537 in pki-core Packageinfo

Zusammenfassung

von MITRE

It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

Red Hat, Inc.

Reservieren

05.04.2017

Veröffentlichung

26.07.2018

Moderieren

akzeptiert

Eintrag

VDB-122208

CPE

bereit

CWE

CWE-798 (bestätigt)

CVSS

7.5 (NVD)

EPSS

0.00133

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-7537
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-7537
CVE Details	https://www.cvedetails.com/cve/CVE-2017-7537/

◂ Zurück Übersicht Weiter ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!