CVE-2008-5082

Impact:
Moderate
Public Date:
2009-01-29
Bugzilla:
475998: CVE-2008-5082 Certificate System: missing public key challenge proof verification in the TPS component

The MITRE CVE dictionary describes this issue as:

The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key.

Find out more about CVE-2008-5082 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Certificate System 7.3 for 4AS RHSA-2009:0007 2009-01-29

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.