CVE-2010-3869
First published: Tue Nov 02 2010(Updated: )
Red Hat / Dogtag Certificate System did not prevent re-use of the one-time PIN used in the SCEP (Simple Certificate Enrollment Protocol) protocol enrollment requests. The check was done to ensure that PIN is valid, but the PIN was never removed from the list of valid PINs once it was used. An attacker possessing a valid SCEP enrollment one-time PIN could use it to generate an unlimited number of certificates.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Certificate System | =7.3 | |
| Redhat Certificate System | =8 | |
| Redhat Dogtag Certificate System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/softwarecombine
- agent/first-publish-date
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/author
- agent/tags
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-3869
- vendor/redhat
- canonical/redhat certificate system
- version/redhat certificate system/7.3
- version/redhat certificate system/8
- canonical/redhat dogtag certificate system