{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-01-29T00:00:00", "descriptions": [{"lang": "en", "value": "The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "33508", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33508"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=475998"}, {"name": "redhat-cs-tps-security-bypass(48331)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48331"}, {"name": "ADV-2009-0145", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/0145"}, {"name": "RHSA-2009:0007", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2009-0007.html"}, {"name": "33693", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33693"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:40:16.977Z"}, "title": "CVE Program Container", "references": [{"name": "33508", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/33508"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=475998"}, {"name": "redhat-cs-tps-security-bypass(48331)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48331"}, {"name": "ADV-2009-0145", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/0145"}, {"name": "RHSA-2009:0007", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2009-0007.html"}, {"name": "33693", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33693"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-5082", "datePublished": "2009-01-30T19:00:00", "dateReserved": "2008-11-14T00:00:00", "dateUpdated": "2024-08-07T10:40:16.977Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:_dogtag_certificate_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A527642-BFD2-4F3F-8ED9-A16D4280777B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:certificate_system:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A94B7103-11B7-4B1E-AE02-86210F9CCCAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:certificate_system:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "27FE079E-FB15-443C-BE2E-1D4C940BB8C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:certificate_system:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2654E6A-190C-4D5C-ABC0-89011DD8E293", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key."}, {"lang": "es", "value": "La funci\u00f3n verifyProof en el componente Token Processing System (TPS) en Red Hat Certificate System (RHCS) v7.1 hasta v7.3 y Dogtag Certificate System v1.0 devuelve con \u00e9xito incluso cuando el token implicado no utiliza la clave hardware, lo cual permite a usuarios remotos autenticados con privilegios implicados evitar pol\u00edticas de autenticaci\u00f3n intencionadas implic\u00e1ndose con una clave software.\r\n\r\n"}], "id": "CVE-2008-5082", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-01-30T19:30:00.250", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33693"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/33508"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2009/0145"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=475998"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48331"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2009-0007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33693"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/33508"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/0145"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=475998"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48331"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://rhn.redhat.com/errata/RHSA-2009-0007.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2009:0007", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "pkisetup-0:7.3.0-14.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2009-01-29T00:00:00Z"}, {"advisory": "RHSA-2009:0007", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-ca-0:7.3.0-17.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2009-01-29T00:00:00Z"}, {"advisory": "RHSA-2009:0007", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-common-0:7.3.0-40.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2009-01-29T00:00:00Z"}, {"advisory": "RHSA-2009:0007", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-kra-0:7.3.0-13.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2009-01-29T00:00:00Z"}, {"advisory": "RHSA-2009:0007", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-ocsp-0:7.3.0-11.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2009-01-29T00:00:00Z"}, {"advisory": "RHSA-2009:0007", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-ra-0:7.3.0-67.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2009-01-29T00:00:00Z"}, {"advisory": "RHSA-2009:0007", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-tks-0:7.3.0-12.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2009-01-29T00:00:00Z"}, {"advisory": "RHSA-2009:0007", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-tps-0:7.3.0-23.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2009-01-29T00:00:00Z"}, {"advisory": "RHSA-2009:0007", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-util-0:7.3.0-20.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2009-01-29T00:00:00Z"}], "bugzilla": {"description": "System: missing public key challenge proof verification in the TPS component", "id": "475998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=475998"}, "csaw": false, "details": ["The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key."], "name": "CVE-2008-5082", "public_date": "2009-01-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2008-5082\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-5082"], "threat_severity": "Moderate"}