Bug 648883 (CVE-2010-3869) - CVE-2010-3869 Certificate System: SCEP one-time PIN reuse
Summary: CVE-2010-3869 Certificate System: SCEP one-time PIN reuse
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2010-3869
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 471318 609327 609328 621339
Blocks:
Reported: 2010-11-02 12:41 UTC by Tomas Hoger
Modified: 2019-09-29 12:40 UTC (History)
CC List: 4 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2010-11-09 07:58:46 UTC
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2010:0837 0 normal SHIPPED_LIVE Moderate: rhpki security and enhancement update 2010-11-08 20:06:51 UTC
Red Hat Product Errata RHSA-2010:0838 0 normal SHIPPED_LIVE Moderate: pki security and enhancement update 2010-11-08 20:12:18 UTC

Description Tomas Hoger 2010-11-02 12:41:14 UTC
Red Hat / Dogtag Certificate System did not prevent re-use of the one-time PIN used in the SCEP (Simple Certificate Enrollment Protocol) protocol enrollment requests.  The check was done to ensure that the PIN is valid, but the PIN was never removed from the list of valid PINs once it was used.  An attacker possessing a valid SCEP enrollment one-time PIN could use it to generate an unlimited number of certificates.
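The flaw described above is a check-without-consume bug: the PIN is looked up in the set of valid PINs, but nothing removes it afterwards. The following is an added illustration, not code from Dogtag or Red Hat Certificate System, using a toy in-memory PIN registry (class and function names are assumed) to contrast the flawed check with the corrected check-and-consume, and to show a simple audit-log check a CA operator could run to spot a PIN identifier that was accepted more than once.

```python
"""Toy model of a SCEP one-time PIN check (constructed example, not Dogtag code)."""
import re
import secrets
import threading
from collections import Counter


class OneTimePinStore:
    """Registry of enrollment PINs that are supposed to be usable exactly once."""

    def __init__(self):
        self._valid = {}              # pin -> requester label; a real store would keep a hash
        self._lock = threading.Lock()

    def issue(self, requester):
        """Mint a fresh one-time PIN for a requester and record it as valid."""
        pin = secrets.token_hex(8)
        with self._lock:
            self._valid[pin] = requester
        return pin

    def check_only(self, pin):
        """Flawed behaviour: confirms the PIN is valid but leaves it valid afterwards."""
        with self._lock:
            return pin in self._valid

    def check_and_consume(self, pin):
        """Corrected behaviour: lookup and removal are one atomic step, so a replay fails."""
        with self._lock:
            return self._valid.pop(pin, None) is not None


def enroll_repeatedly(pin, validate, attempts):
    """Simulate a client submitting the same PIN several times.

    Returns how many enrollment requests the validator would have accepted.
    """
    accepted = 0
    for _ in range(attempts):
        if validate(pin):
            accepted += 1
    return accepted


def count_accepted(validator_name, attempts=3):
    """Issue one PIN and replay it `attempts` times against the named validator."""
    store = OneTimePinStore()
    pin = store.issue("device-01")
    return enroll_repeatedly(pin, getattr(store, validator_name), attempts)


# Constructed CA audit lines; pin_id is an opaque reference, never the PIN value itself.
SAMPLE_LOG = [
    "2010-11-02T12:41:00Z scep enroll pin_id=pin-7f3a subject=CN=device-01 result=issued",
    "2010-11-02T12:42:10Z scep enroll pin_id=pin-9c21 subject=CN=device-02 result=issued",
    "2010-11-02T12:43:05Z scep enroll pin_id=pin-7f3a subject=CN=device-01 result=issued",
    "2010-11-02T12:44:30Z scep enroll pin_id=pin-0bd4 subject=CN=device-03 result=rejected",
]

_PIN_ID = re.compile(r"pin_id=(\S+)")


def pins_accepted_more_than_once(lines):
    """Return the set of pin_ids that appear in more than one successful enrollment."""
    counts = Counter()
    for line in lines:
        if "result=issued" not in line:
            continue
        match = _PIN_ID.search(line)
        if match:
            counts[match.group(1)] += 1
    return {pin_id for pin_id, n in counts.items() if n > 1}


if __name__ == "__main__":
    print("flawed validator accepted:", count_accepted("check_only"))
    print("fixed validator accepted:", count_accepted("check_and_consume"))
    print("reused pin ids in log:", pins_accepted_more_than_once(SAMPLE_LOG))
```

Note that the fix must be atomic: a separate `if pin in valid: valid.remove(pin)` sequence outside a lock leaves a window in which two concurrent requests both pass the check, which is why `check_and_consume` does the lookup and removal in a single `pop` under the lock.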

Comment 1 errata-xmlrpc 2010-11-08 20:06:58 UTC
This issue has been addressed in the following products:

  Red Hat Certificate System 7.3

Via RHSA-2010:0837 https://rhn.redhat.com/errata/RHSA-2010-0837.html

Comment 2 errata-xmlrpc 2010-11-08 20:12:24 UTC
This issue has been addressed in the following products:

  Red Hat Certificate System 8

Via RHSA-2010:0838 https://rhn.redhat.com/errata/RHSA-2010-0838.html

Comment 3 Tomas Hoger 2010-11-09 13:47:14 UTC
https://fedorahosted.org/pki/changeset/1246

