Severity: CRITICAL 9.8

GHSA-5xv2-q475-rwrh

Katello uses a hard-coded credential

Details

The installation script in Katello 1.0 and earlier does not properly generate the `Application.config.secret_token` value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default `secret_token`.


Affected packages

RubyGems / katello
  Introduced in: 0 (all versions before the fix)
  Fixed in: 1.0.6
  Fix: bundle update katello

RubyGems / katello
  Introduced in: 1.1.0
  Fixed in: 1.1.7
  Fix: bundle update katello

References