CVE-2019-10136

Summary

It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.

Affected Software

VendorProductVersion RangeStatus
spacewalkprojectspacewalkspacewalk all through 2.9affected

Weaknesses

  • CWE-347: CWE-347

ADP Enrichment

CVE Program Container

Additional References

References