Description
It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.
| Release | Status | Note |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 10.6.0-1ubuntu2 |
| cosmic | not-affected | 10.6.0-1ubuntu2 |
| devel | DNE | |
| disco | DNE | |
| eoan | not-affected | 10.6.0-1ubuntu2 |
| esm-apps/bionic | not-affected | 10.6.0-1ubuntu2 |
| esm-apps/focal | not-affected | |
| esm-apps/jammy | not-affected | |
| esm-apps/xenial | released | 10.2.6+git20160317-1ubuntu0.1~esm1 |
EPSS
CVSS2: 5 Medium
CVSS3: 5.9 Medium