CVE-2012-3503
Published: 2012-08-25
Priority: P3 · 53 · Critical 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.00% (85.7th percentile)
The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| katello | katello | >= 0 < 1.0.6 | 1.0.6 |
| katello | katello | >= 1.1.0 < 1.1.7 | 1.1.7 |
| redhat | enterprise_linux_server | — | — |
| theforeman | katello | <= 1.0 | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| vendor_redhat | — | 9.8 | CRITICAL | — |
Red Hat
CVE-2012-3503 [CRITICAL] Katello: Application.config.secret_token is not generated properly
vendor_redhat · 2012-08-21 · CVSS 9.8
OSV
CVE-2012-3503 [CRITICAL] Katello uses hard coded credential
osv · 2022-05-17
GHSA
CVE-2012-3503 [CRITICAL] CWE-798 Katello uses hard coded credential
ghsa · 2022-05-17
No detection rules found.
No public exploits indexed.
CWE
CWE-798: Use of Hard-coded Credentials (mitre_cwe)
The product contains hard-coded credentials, such as a password or cryptographic key.
There are two main variations:
Inbound: the product contains an authentication mechanism that checks the input credentials against a hard-coded set of credentials. In this variant, a default administration account is created, and a simple password is hard-coded into the product and associated with that account. This hard-coded password is the same for each installation of the product, and it usually cannot be changed or disabled by system administrators without manually modifying the program, or otherwise patching the product. It can also be difficult for the administrator to detect.
Outbound: the product connects to another system or component, and it contains har
CWE
CWE-1391: Use of Weak Credentials (mitre_cwe)
The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker.
By design, authentication protocols try to ensure that attackers must perform brute force attacks if they do not know the credentials such as a key or password. However, when these credentials are easily predictable or even fixed (as with default or hard-coded passwords and keys), then the attacker can defeat the mechanism without relying on brute force. Credentials may be weak for different reasons, such as:
Hard-coded (i.e., static and unchangeable by the administrator)
Default (i.e., the same static value across different deployments/installations, but able to be changed by the administrator)
Predictable
References
http://rhn.redhat.com/errata/RHSA-2012-1186.html
http://rhn.redhat.com/errata/RHSA-2012-1187.html
http://secunia.com/advisories/50344
http://www.securityfocus.com/bid/55140
https://github.com/Katello/katello/commit/7c256fef9d75029d0ffff58ff1dcda915056d3a3
https://github.com/Katello/katello/pull/499