CVE-2008-2369 — Hard-coded Credentials in Redhat Satellite

CWE-798 — Hard-coded Credentials5 documents5 sources

Severity

9.1CRITICALNVD

EPSS

0.6%

top 30.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Satellite

Timeline

PublishedAug 14

Latest updateMay 1

Description

manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages1 packages

▶NVDredhat/satellite< 5.1.1

🔴Vulnerability Details

GHSA

GHSA-53xg-795p-rwf7: manzier↗2022-05-01

▶

CVEList

CVE-2008-2369: manzier↗2008-08-14

▶

📐Framework References

CWE

Use of Hard-coded Credentials↗

▶

💬Community

Bugzilla

CVE-2008-2369 RHN Satellite: information disclosure via manzier.pxt RPC script↗2008-06-23

▶