
exploitDog


CVE-2019-10136

Published: 01 Jul 2019
Source: redhat
CVSS3: 4.3
EPSS: Low

Description

It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.

It was found that Spacewalk did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.

Additional information

Status: Low
Defect: CWE-347
https://bugzilla.redhat.com/show_bug.cgi?id=1708696 spacewalk: Insecure computation of authentication signatures during user authentication

EPSS

Percentile: 28%
0.00102
Low

4.3 Medium

CVSS3

Related vulnerabilities

CVSS3: 4.3
nvd
more than 6 years ago

It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.

suse-cvrf
more than 6 years ago

Security update for SUSE Manager Client Tools

CVSS3: 4.3
github
more than 3 years ago

It was found that Spacewalk, all versions through 2.8, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.
