Candidate: CVE-2017-7537
PublicDate: 2018-07-26 13:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7537
 https://github.com/dogtagpki/pki/commit/876d13c6d20e7e1235b9
 https://bugzilla.redhat.com/show_bug.cgi?id=1470817
Description:
 It was found that a mock CMC authentication plugin with a hardcoded secret
 was accidentally enabled by default in the pki-core package before 10.6.4.
 An attacker could potentially use this flaw to bypass the regular
 authentication process and trick the CA server into issuing certificates.
Ubuntu-Description:
Notes:
 sbeattie> upstream fixed in 10.5.0
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869261
Priority: medium
Discovered-by: Christina Fu
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]

Patches_dogtag-pki:
 upstream: https://github.com/dogtagpki/pki/commit/876d13c6d20e7e1235b9
upstream_dogtag-pki: released (10.3.5+12-5)
precise/esm_dogtag-pki: DNE
trusty_dogtag-pki: DNE
trusty/esm_dogtag-pki: DNE
vivid/ubuntu-core_dogtag-pki: DNE
xenial_dogtag-pki: ignored (end of standard support, was needed)
zesty_dogtag-pki: ignored (reached end-of-life)
artful_dogtag-pki: ignored (reached end-of-life)
bionic_dogtag-pki: not-affected (10.6.0-1ubuntu2)
cosmic_dogtag-pki: not-affected (10.6.0-1ubuntu2)
disco_dogtag-pki: DNE
eoan_dogtag-pki: not-affected (10.6.0-1ubuntu2)
focal_dogtag-pki: not-affected
groovy_dogtag-pki: not-affected
hirsute_dogtag-pki: not-affected
impish_dogtag-pki: not-affected
jammy_dogtag-pki: not-affected
devel_dogtag-pki: not-affected