CVE-2010-3868

EUVD-2010-3846
Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
redhatcertificate_system
7.3
redhatdogtag_certificate_system
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/42181
http://securitytracker.com/id?1024697
http://www.osvdb.org/69149
https://bugzilla.redhat.com/show_bug.cgi?id=648882
https://fedorahosted.org/pki/changeset/1261
https://rhn.redhat.com/errata/RHSA-2010-0837.html
https://rhn.redhat.com/errata/RHSA-2010-0838.html
http://secunia.com/advisories/42181
http://securitytracker.com/id?1024697
http://www.osvdb.org/69149
https://bugzilla.redhat.com/show_bug.cgi?id=648882
https://fedorahosted.org/pki/changeset/1261
https://rhn.redhat.com/errata/RHSA-2010-0837.html
https://rhn.redhat.com/errata/RHSA-2010-0838.html