Unrated severityNVD Advisory· Published Nov 7, 2019· Updated Aug 7, 2024
CVE-2010-2450
CVE-2010-2450
Description
The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Shibboleth/Shibboleth SPdescription
- Range: = 2.0
Patches
Vulnerability mechanics
References
3- bugs.debian.org/cgi-bin/bugreport.cgimitrex_refsource_MISC
- security-tracker.debian.org/tracker/CVE-2010-2450mitrex_refsource_MISC
- todos.internet2.edu/browse/SSPCPP-106mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.