Scientific Linux Security Update : pki-core on SL7.x x86_64
High Nessus Plugin ID 102652
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionSecurity Fix(es) :
- It was found that a mock CMC authentication plugin with a hard-coded secret was accidentally enabled by default in the pki-core package. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates. (CVE-2017-7537)
SolutionUpdate the affected packages.