Bug 1959971 (CVE-2021-3551) - CVE-2021-3551 pki-server: Dogtag installer "pkispawn" logs admin credentials into a world-readable log file
Summary: CVE-2021-3551 pki-server: Dogtag installer "pkispawn" logs admin credentials ...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-3551
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1960143 1960144 1960145 1960146 1960147 1960167 1967401
Blocks: 1959973 1960325
TreeView+ depends on / blocked
 
Reported: 2021-05-12 18:17 UTC by Pedro Sampaio
Modified: 2022-05-17 09:48 UTC (History)
14 users (show)

Fixed In Version: pki-core 10.10.6
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.
Clone Of:
Environment:
Last Closed: 2021-06-03 11:32:12 UTC


Attachments (Terms of Use)

Description Pedro Sampaio 2021-05-12 18:17:15 UTC
A flaw was found in pki-core 10.10. Older versions are not affected.

When the pkispawn command is run in debug mode, admin credentials are stored in the installation log file, which is world readable.

Comment 5 Cedric Buissart 2021-05-13 12:27:01 UTC
Acknowledgments:

Name: Christian Heimes

Comment 8 Cedric Buissart 2021-06-03 06:03:13 UTC
Created pki-core tracking bugs for this issue:

Affects: fedora-all [bug 1967401]

Comment 9 errata-xmlrpc 2021-06-03 11:06:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:2235 https://access.redhat.com/errata/RHSA-2021:2235

Comment 10 Product Security DevOps Team 2021-06-03 11:32:12 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-3551


Note You need to log in before you can comment on or make changes to this bug.