Unrated severityNVD Advisory· Published Jan 30, 2009· Updated Apr 23, 2026

CVE-2008-5082

Description

The verifyProof function in the Token Processing System (TPS) component in Red Hat Certificate System (RHCS) 7.1 through 7.3 and Dogtag Certificate System 1.0 returns successfully even when token enrollment did not use the hardware key, which allows remote authenticated users with enrollment privileges to bypass intended authentication policies by performing enrollment with a software key.

Affected products

Red Hat/Certificate System3 versions
cpe:2.3:a:redhat:certificate_system:7.1:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:redhat:certificate_system:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:certificate_system:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:certificate_system:7.3:*:*:*:*:*:*:*
Red Hat/Dogtag Certificate System
cpe:2.3:a:redhat:_dogtag_certificate_system:1.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/33693nvdVendor Advisory
rhn.redhat.com/errata/RHSA-2009-0007.htmlnvdVendor Advisory
www.securityfocus.com/bid/33508nvd
www.vupen.com/english/advisories/2009/0145nvd
bugzilla.redhat.com/show_bug.cginvd
exchange.xforce.ibmcloud.com/vulnerabilities/48331nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000