The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default.
View Full Alert
Related Posts
CVE-2010-2247makepasswd 1.10 default settings generate insecure passwords View Full Alert
CVE-2010-2490Mumble: murmur-server has DoS due to malformed client query View Full Alert
CVE-2010-3293mailscanner can allow local users to prevent virus signatures from being updated View Full Alert