Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote malicious users to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat certificate system 7.3 |
||
redhat certificate system 8 |
||
redhat dogtag certificate system |