Bug 2101046 (CVE-2022-2393) - CVE-2022-2393 pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field
Summary: CVE-2022-2393 pki-core: When using the caServerKeygen_DirUserCert profile, us...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-2393
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2101897 2070766 2101898 2106458 2106459 2111487 2111489 2111492 2111493 2111497 2111498 2111499 2111501 2111508 2111509 2111512 2111513 2111514 2111517 2111518 2111519 2111520 2111521 2111541 2111542 2111543 2111545 2111546 2111547 2111549 2111550 2112220
Blocks: 2087256
TreeView+ depends on / blocked
 
Reported: 2022-06-24 23:27 UTC by Todd Cullum
Modified: 2023-09-19 19:39 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.
Clone Of:
Environment:
Last Closed: 2022-11-30 14:33:07 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:7077 0 None None None 2022-10-24 07:27:06 UTC
Red Hat Product Errata RHSA-2022:7086 0 None None None 2022-10-24 13:26:29 UTC
Red Hat Product Errata RHSA-2023:2293 0 None None None 2023-05-09 07:25:53 UTC
Red Hat Product Errata RHSA-2023:3394 0 None None None 2023-05-31 15:53:44 UTC

Description Todd Cullum 2022-06-24 23:27:32 UTC 
When using the caServerKeygen_DirUserCert profile with UserDirEnrollment auth type, usre are able to get a certificate for any UID I please simply by entering their name in the Subject information fields. This occurs only when Directory-based authentication is enabled, which is disabled by default.
Comment 4 errata-xmlrpc 2022-10-24 07:27:03 UTC 
This issue has been addressed in the following products:

  Red Hat Certificate System 9.7

Via RHSA-2022:7077 https://access.redhat.com/errata/RHSA-2022:7077
Comment 5 errata-xmlrpc 2022-10-24 13:26:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:7086 https://access.redhat.com/errata/RHSA-2022:7086
Comment 6 Product Security DevOps Team 2022-11-30 14:33:05 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-2393
Comment 7 errata-xmlrpc 2023-05-09 07:25:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:2293 https://access.redhat.com/errata/RHSA-2023:2293
Comment 8 errata-xmlrpc 2023-05-31 15:53:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:3394 https://access.redhat.com/errata/RHSA-2023:3394
Note You need to log in before you can comment on or make changes to this bug.