THREATINT


PUBLISHED

CVE-2023-4727

Dogtag CA: token authentication bypass vulnerability

Reserved: 2023-09-01
Published: 2024-06-11
Updated: 2024-06-12

Description

A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with an LDAP injection: the session identifier supplied by the client is used in the LDAP search filter without escaping. By passing the query string parameter sessionID=*, an attacker makes the filter match any session record, and can therefore authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
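The injection pattern described above, as an added example that is not Dogtag's code: a session lookup that concatenates the client-supplied sessionID into an LDAP filter, beside the same lookup with the value escaped per RFC 4515. The in-memory "directory", the attribute names (sessionID, uid, roles) and the session records are constructed for illustration and are assumptions, not Dogtag's schema; the tiny filter evaluator only handles a single equality/substring assertion, which is enough to show why a bare asterisk matches every entry.

```python
"""Added example (not Dogtag's code): LDAP filter injection via sessionID=*
and the escaping that closes it. Directory contents and attribute names
are constructed for illustration."""
import re
from typing import Callable, List, Optional

# Constructed sample session entries (assumed attribute names, not Dogtag's schema).
SESSIONS = [
    {"sessionID": "a1b2c3d4", "uid": "caadmin", "roles": ["Administrators"]},
    {"sessionID": "9f8e7d6c", "uid": "agent1", "roles": ["Certificate Manager Agents"]},
]


def escape_filter_value(value: str) -> str:
    """Escape an assertion value per RFC 4515 section 3: '*', '(', ')', '\\'
    and NUL become '\\xx' so they are matched literally, not as filter syntax."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def build_filter_vulnerable(session_id: str) -> str:
    """The flawed pattern: the attacker-controlled parameter is pasted into the
    filter unescaped, so sessionID=* turns into a wildcard that matches everything."""
    return "(sessionID=%s)" % session_id


def build_filter_fixed(session_id: str) -> str:
    """Same filter with the value escaped; '*' becomes '\\2a' and only matches
    a session whose identifier is literally an asterisk."""
    return "(sessionID=%s)" % escape_filter_value(session_id)


def _filter_matches(ldap_filter: str, entry: dict) -> bool:
    """Minimal evaluator for one '(attr=value)' equality/substring filter.
    An unescaped '*' is a wildcard; a '\\xx' escape decodes to a literal char."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter)
    if not m:
        raise ValueError("unsupported filter: %r" % ldap_filter)
    attr, pattern = m.group(1), m.group(2)
    regex = ""
    i = 0
    while i < len(pattern):
        c = pattern[i]
        if c == "*":
            regex += ".*"
        elif c == "\\" and i + 2 < len(pattern):
            regex += re.escape(chr(int(pattern[i + 1:i + 3], 16)))
            i += 3
            continue
        else:
            regex += re.escape(c)
        i += 1
    value = entry.get(attr)
    return value is not None and re.fullmatch(regex, value) is not None


def lookup_session(ldap_filter: str) -> List[dict]:
    """Server-side search: every entry the filter matches."""
    return [e for e in SESSIONS if _filter_matches(ldap_filter, e)]


def authenticate(session_id: str, build_filter: Callable[[str], str]) -> Optional[str]:
    """Mimic the bypassed logic: whatever entry the search returns first is
    treated as the caller's session, and its uid as the authenticated user."""
    hits = lookup_session(build_filter(session_id))
    return hits[0]["uid"] if hits else None


if __name__ == "__main__":
    print("vulnerable, sessionID=*  ->", authenticate("*", build_filter_vulnerable))
    print("fixed,      sessionID=*  ->", authenticate("*", build_filter_fixed))
    print("fixed,      real session ->", authenticate("9f8e7d6c", build_filter_fixed))
```

Escaping is the minimum fix; a practitioner would also reject any sessionID that does not match the format the server itself issues before it reaches the directory at all, and treat a search that returns more than one entry as an error rather than taking the first hit, since a lookup keyed on a client-supplied value should never be ambiguous.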



HIGH: 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Authentication Bypass by Primary Weakness

Product status

Default status: affected
Default status: unknown
Default status: affected
Default status: affected
Default status: affected

Timeline

2023-08-15: Reported to Red Hat.
2024-06-11: Made public.

Credits

Red Hat would like to thank Pham Van Khanh (Calif) for reporting this issue.

References

https://access.redhat.com/security/cve/CVE-2023-4727 vdb-entry

https://bugzilla.redhat.com/show_bug.cgi?id=2232218 (RHBZ#2232218) issue-tracking

cve.org CVE-2023-4727

nvd.nist.gov CVE-2023-4727

https://cve.threatint.com/CVE/CVE-2023-4727