CVE-2008-2368

CWE-2555 documents5 sources
Severity
2.1LOW
EPSS
0.0%
top 90.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Certificate System
Timeline
PublishedJan 20
Latest updateMay 1

Description

Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-hj7g-ch5r-67hc: Red Hat Certificate System 72022-05-01
CVEList
CVE-2008-2368: Red Hat Certificate System 72009-01-20

📋Vendor Advisories

1
Red Hat
System: plain text passwords stored in debug log2009-01-15

💬Community

1
Bugzilla
CVE-2008-2368 Certificate System: plain text passwords stored in debug log2008-06-18
CVE-2008-2368 (LOW CVSS 2.1) | Red Hat Certificate System 7.2 stor | cvebase.io