VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 20, 2009· Updated Apr 23, 2026

CVE-2008-2368

CVE-2008-2368

Description

Red Hat Certificate System 7.2 stores passwords in cleartext in debug logs with weak permissions, allowing local users to read them.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Red Hat Certificate System 7.2 stores passwords in cleartext in debug logs with weak permissions, allowing local users to read them.

Vulnerability

Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files [2]. These files are created with weak permissions, making them readable by any local user on the system [2].

Exploitation

An attacker with local access to the system can read the debug log files to obtain plaintext passwords. No authentication or special privileges are required beyond the ability to read the files from the filesystem [2].

Impact

Successful exploitation leads to disclosure of plaintext passwords, which may be used to gain unauthorized access to the Certificate System or other services that share the same credentials [2].

Mitigation

No fix or workaround is disclosed in the available references. Red Hat has not published a patch or mitigation for this issue in the referenced sources.

References
  1. 452000 – (CVE-2008-2368) CVE-2008-2368 Certificate System: plain text passwords stored in debug log

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Red Hat/Certificate System2 versions
    cpe:2.3:a:redhat:certificate_system:7.2:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:redhat:certificate_system:7.2:*:*:*:*:*:*:*
    • (no CPE)range: = 7.2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

8

News mentions

0

No linked articles in our index yet.