The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2009-01-30T19:00:00
Updated: 2017-08-07T12:57:01
Reserved: 2008-11-14T00:00:00
Link: CVE-2008-5082
JSON object: View
NVD Information
Status : Modified
Published: 2009-01-30T19:30:00.250
Modified: 2017-08-08T01:33:06.063
Link: CVE-2008-5082
JSON object: View
Redhat Information
No data.
CWE