1959971 – (CVE-2021-3551) CVE-2021-3551 pki-server: Dogtag installer "pkispawn" logs admin credentials into a world-readable log file

Bug 1959971 (CVE-2021-3551) - CVE-2021-3551 pki-server: Dogtag installer "pkispawn" logs admin credentials into a world-readable log file

Summary: CVE-2021-3551 pki-server: Dogtag installer "pkispawn" logs admin credentials ...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2021-3551
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2184518 1960143 1960144 1960145 1960146 1960147 1960167 1967401
Blocks:	1959973 1960325
TreeView+	depends on / blocked

Reported:	2021-05-12 18:17 UTC by Pedro Sampaio
Modified:	2023-04-04 21:27 UTC (History)
CC List:	14 users (show)
Fixed In Version:	pki-core 10.10.6
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.
Clone Of:
Environment:
Last Closed:	2021-06-03 11:32:12 UTC
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2021-05-12 18:17:15 UTC

A flaw was found in pki-core 10.10. Older versions are not affected.

When the pkispawn command is run in debug mode, admin credentials are stored in the installation log file, which is world readable.

Comment 5 Cedric Buissart 2021-05-13 12:27:01 UTC

Acknowledgments:

Name: Christian Heimes

Comment 8 Cedric Buissart 2021-06-03 06:03:13 UTC

Created pki-core tracking bugs for this issue:

Affects: fedora-all [bug 1967401]

Comment 9 errata-xmlrpc 2021-06-03 11:06:12 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:2235 https://access.redhat.com/errata/RHSA-2021:2235

Comment 10 Product Security DevOps Team 2021-06-03 11:32:12 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-3551

Comment 11 Cedric Buissart 2021-06-14 15:30:58 UTC

Upstream fixes:

https://github.com/dogtagpki/pki/commit/0c2f3b84499584bb6029f5ba3988ed3cb081e548
https://github.com/dogtagpki/pki/commit/b01cd8cc7d3e391e69ed2c8161f7e15fa84553e6
https://github.com/dogtagpki/pki/commit/5b09fcaff11d33010469e695ef365a91c91674b5

Note You need to log in before you can comment on or make changes to this bug.