CVE-2017-7537

Summary

It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.

Affected Software

VendorProductVersion RangeStatus
Dogtag PKIpki-core10.6.4affected

Weaknesses

  • CWE-592: CWE-592

ADP Enrichment

CVE Program Container

Additional References

References