{"id":"CVE-2017-7537","details":"It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.","modified":"2026-05-18T05:49:59.812681496Z","published":"2018-07-26T13:29:00.340Z","database_specific":{"unresolved_ranges":[{"vendor_product":"redhat:enterprise_linux_desktop","cpes":["cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"7.0"}],"source":"CPE_FIELD"},{"vendor_product":"redhat:enterprise_linux_server","cpes":["cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"7.0"}],"source":"CPE_FIELD"},{"vendor_product":"redhat:enterprise_linux_workstation","cpes":["cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"7.0"}],"source":"CPE_FIELD"}]},"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2335"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7537"},{"type":"FIX","url":"https://github.com/dogtagpki/pki/commit/876d13c6d20e7e1235b9"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dogtagpki/pki","events":[{"introduced":"0"},{"fixed":"521099eae5977d37585b9b6bcbe50452086ac71a"}],"database_specific":{"cpe":"cpe:2.3:a:dogtagpki:dogtagpki:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"10.6.4"}],"source":"CPE_FIELD"}}],"versions":["v10.6.3","v10.6.2","v10.6.1","v10.6.0-rc","v10.6.0","v10.6.0-beta2","v10.6.0-beta","v10.5.3","v10.5.2","v10.5.1","DOGTAG_10_5_1_FEDORA_27","v10.5.0","DOGTAG_10_5_0_FEDORA_27","v10.4.8","DOGTAG_10_4_8_FEDORA_27","v10.4.7","DOGTAG_10_4_FEDORA_27_20170612","DOGTAG_10_4_FEDORA_27_20170605","v10.4.6","DOGTAG_10_4_FEDORA_27_20170530","v10.4.5","DOGTAG_10_4_FEDORA_27_20170522","v10.4.4","DOGTAG_10_4_FEDORA_27_20170509","v10.4.3","DOGTAG_10_4_FEDORA_27_20170501","v10.4.2","DOGTAG_10_4_FEDORA_27_20170413","v10.4.1","DOGTAG_10_4_FEDORA_27_20170331","v10.3.5","DOGTAG_10_3_5_FEDORA_24_20160808","v10.3.4","DOGTAG_10_3_4_FEDORA_24_20160705","v10.3.3","DOGTAG_10_3_3_FEDORA_24_20160620","v10.3.2","DOGTAG_10_3_2_FEDORA_24_20160607","v10.3.1","DOGTAG_10_3_1_FEDORA_24_20160517","v10.3.0","DOGTAG_10_3_0_FEDORA_24_20160516","DOGTAG_10_3_0_b1_FEDORA_24_BETA_20160418","DOGTAG_10_3_0_a2_FEDORA_24_ALPHA_20160407","DOGTAG_10_3_0_a1_FEDORA_24_ALPHA_20160307","DOGTAG_10_2_20150808","v10.2.6","DOGTAG_10_2_6_FEDORA_22_23_20150718","v10.2.5","DOGTAG_10_2_5_FEDORA_22_20150619","v10.2.4","DOGTAG_10_2_4_FEDORA_22_20150526","v10.2.3","DOGTAG_10_2_3_FEDORA_22_20150423","v10.2.2","DOGTAG_10_2_2_FEDORA_22_20150318","v10.2.1","DOGTAG_10_2_1_FEDORA_22_20150108","v10.2.0","pki-core-10.2.0-3","pki-core-10.2.1-0.1","DOGTAG_10_2_0_ALPHA_FEDORA_21_20140909","v10.1.0","DOGTAG_10_1_0_GA_FEDORA_20_20131121","DOGTAG_10_1_0_BETA_FEDORA_20_20131111","DOGTAG_10_1_0_BETA_20131111","v10.0.2","DOGTAG_10_0_2_FEDORA_18_19_20130507","DOGTAG_10_0_0_ALPHA_FEDORA_16_17_20120314"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7537.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}