A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local malicious user to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dogtagpki dogtagpki |
||
fedoraproject fedora 33 |
||
fedoraproject fedora 34 |
||
oracle linux 8 |
||
redhat enterprise linux 8.0 |
||
redhat enterprise linux eus 8.4 |
||
redhat enterprise linux for ibm z systems 8.0 |
||
redhat enterprise linux for ibm z systems eus 8.4 |
||
redhat enterprise linux for power little endian 8.0 |
||
redhat enterprise linux for power little endian eus 8.4 |
||
redhat enterprise linux server aus 8.4 |
||
redhat enterprise linux server tus 8.4 |
||
redhat enterprise linux server update services for sap solutions 8.4 |