CVE-2017-7537 MEDIUM

Vendor Dogtag PKI
Product pki-core
Weakness CWE-592
Published July 26, 2018
Last update August 5, 2024

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01 Description

It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.

Key dates

02 Disclosure timeline

July 26, 2018 CVE published
August 5, 2024 Record updated