Bug 648883 (CVE-2010-3869)

Summary: CVE-2010-3869 Certificate System: SCEP one-time PIN reuse
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: awnuk, mharmsen, security-response-team, vdanen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-11-09 07:58:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 471318, 609327, 609328, 621339    
Bug Blocks:    

Description Tomas Hoger 2010-11-02 12:41:14 UTC 
Red Hat / Dogtag Certificate System did not prevent re-use of the one-time PIN used in the SCEP (Simple Certificate Enrollment Protocol) protocol enrollment requests.  The check was done to ensure that PIN is valid, but the PIN was never removed from the list of valid PINs once it was used.  An attacker possessing a valid SCEP enrollment one-time PIN could use it to generate an unlimited number of certificates.
Comment 1 errata-xmlrpc 2010-11-08 20:06:58 UTC 
This issue has been addressed in following products:

  Red Hat Certificate System 7.3

Via RHSA-2010:0837 https://rhn.redhat.com/errata/RHSA-2010-0837.html
Comment 2 errata-xmlrpc 2010-11-08 20:12:24 UTC 
This issue has been addressed in following products:

  Red Hat Certificate System 8

Via RHSA-2010:0838 https://rhn.redhat.com/errata/RHSA-2010-0838.html
Comment 3 Tomas Hoger 2010-11-09 13:47:14 UTC 
https://fedorahosted.org/pki/changeset/1246