Critical Dogtag PKI Vulnerability in Ubuntu Allows Unauthorized Certificate Renewal
Severity: High (Score: 72.9)
Sources: Linuxsecurity, Ubuntu
Summary
A critical security vulnerability has been identified in Dogtag PKI affecting Ubuntu 20.04 LTS and 18.04 LTS. Discovered by Fraser Tweedale and Geetika Kapoor, this flaw allows attackers to renew compromised certificates without proper authentication. This unauthorized renewal could lead to persistent access to network resources by malicious actors. The vulnerability impacts systems using Dogtag PKI, an enterprise-class Certificate Authority. Users are advised to update their systems to the latest package versions to mitigate the risk. The vulnerability is categorized under USN-8158, and Ubuntu Pro users can access the necessary updates. A standard system update is recommended to address this issue. The situation is critical, and immediate action is advised to prevent potential exploitation.
Key Points
- Dogtag PKI vulnerability allows unauthorized certificate renewal.
- Affected systems include Ubuntu 20.04 LTS and 18.04 LTS.
- Immediate system updates are required to mitigate the risk.
Key Entities
- CVE-2021-20179 (cve)
- Dogtag PKI (platform)
- Ubuntu Pro (platform)