Total: 5 CVEs

CVE | Vendor | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2008-3274 | Red Hat | Enterprise IPA, FreeIPA | 2023-02-12 | 5.0 MEDIUM | N/A | The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query.
CVE-2011-3636 | Red Hat | FreeIPA | 2023-02-12 | 6.8 MEDIUM | N/A | Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes.
CVE-2013-0199 | Red Hat | FreeIPA | 2017-08-28 | 5.0 MEDIUM | N/A | The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allows remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors.
CVE-2013-0336 | Red Hat | FreeIPA | 2017-08-28 | 5.0 MEDIUM | N/A | The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server.
CVE-2012-5484 | Red Hat | FreeIPA | 2013-02-06 | 7.9 HIGH | N/A | The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.
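Two of the entries above, CVE-2008-3274 and CVE-2013-0199, are the same failure mode in the 389 Directory Server ACIs that FreeIPA ships: an access-control instruction grants read to `ldap:///anyone` (anonymous binds included) on an attribute that holds Kerberos key material, either by naming it directly (krbMKey) or by forgetting it in a `targetattr !=` exclusion list (the ipaNTTrustAuth* attributes). The following audit script is an added example, not code from this page or from the FreeIPA project: it parses ACI strings in the 389-ds syntax and flags any ACI that lets `ldap:///anyone` read one of those attributes. The sample ACIs are constructed to have the shape the CVE descriptions give; they are not the exact ACIs FreeIPA shipped, and the attribute set in `SENSITIVE_ATTRS` is the one named by the two CVEs plus krbPrincipalKey as an assumption.

```python
"""Audit 389-ds ACI strings for anonymous read access to Kerberos key material.

Added example, not FreeIPA code. Constructed inputs below are modelled on the
CVE-2008-3274 and CVE-2013-0199 descriptions, not copied from FreeIPA.
"""
import re
from dataclasses import dataclass

# Attributes that carry Kerberos keys. krbMKey is from CVE-2008-3274, the two
# ipaNTTrustAuth* attributes from CVE-2013-0199; krbPrincipalKey is an
# assumption added here because it holds per-principal keys of the same class.
SENSITIVE_ATTRS = frozenset({
    "krbmkey", "krbprincipalkey",
    "ipanttrustauthincoming", "ipanttrustauthoutgoing",
})

# (targetattr = "a || b") or (targetattr != "a || b"); 389-ds separates attrs with ||
_TARGETATTR = re.compile(r'\(\s*targetattr\s*(!?=)\s*"([^"]*)"\s*\)', re.I)
# allow (rights) <bind rule>;  -- one clause per permission grant
_ALLOW = re.compile(r'allow\s*\(([^)]*)\)\s*([^;]*);', re.I)
# The bind rule that matches every subject, anonymous binds included
_ANYONE = re.compile(r'userdn\s*=\s*"ldap:///anyone"', re.I)


@dataclass(frozen=True)
class Finding:
    acl_name: str
    attribute: str


def _acl_name(aci: str) -> str:
    m = re.search(r'acl\s+"([^"]*)"', aci, re.I)
    return m.group(1) if m else "<unnamed>"


def _attrs_covered(aci: str):
    """Return (attribute set, negated). negated=True means 'every attribute except these'.

    A missing targetattr, or targetattr = "*", covers every attribute, which is
    expressed as an empty exclusion set.
    """
    m = _TARGETATTR.search(aci)
    if not m:
        return set(), True
    negated = m.group(1) == "!="
    attrs = {a.strip().lower() for a in m.group(2).split("||") if a.strip()}
    if "*" in attrs and not negated:
        return set(), True
    return attrs, negated


def _grants_anonymous_read(aci: str) -> bool:
    # Only 'allow' clauses are considered; a matching 'deny' clause elsewhere in
    # the same ACI would override this, so treat hits as candidates to confirm.
    for rights, bind_rule in _ALLOW.findall(aci):
        granted = {r.strip().lower() for r in rights.split(",")}
        if ("read" in granted or "all" in granted) and _ANYONE.search(bind_rule):
            return True
    return False


def audit_aci(aci: str) -> list:
    """Findings for one ACI: each sensitive attribute it exposes to ldap:///anyone."""
    if not _grants_anonymous_read(aci):
        return []
    attrs, negated = _attrs_covered(aci)
    name = _acl_name(aci)
    findings = []
    for attr in sorted(SENSITIVE_ATTRS):
        exposed = (attr not in attrs) if negated else (attr in attrs)
        if exposed:
            findings.append(Finding(name, attr))
    return findings


def audit_acis(acis) -> list:
    return [f for aci in acis for f in audit_aci(aci)]


# Constructed sample ACIs (not FreeIPA's real ones), one per situation:
SAMPLE_ACIS = [
    # Shape of CVE-2008-3274: anonymous read granted directly on krbMKey.
    '(targetattr = "krbMKey")(version 3.0; acl "read master key"; '
    'allow (read, search, compare) userdn = "ldap:///anyone";)',
    # Corrected shape: key attributes readable only by a specific service DN.
    '(targetattr = "krbMKey || krbPrincipalKey")(version 3.0; acl "kdc reads keys"; '
    'allow (read, search, compare) userdn = "ldap:///krbprincipalname=krbtgt/EXAMPLE.TEST@EXAMPLE.TEST,'
    'cn=EXAMPLE.TEST,cn=kerberos,dc=example,dc=test";)',
    # Shape of CVE-2013-0199: a global anonymous-read ACI whose exclusion list
    # omits the trust attributes.
    '(targetattr != "userPassword || krbPrincipalKey || krbMKey")(version 3.0; acl "anonymous read"; '
    'allow (read, search, compare) userdn = "ldap:///anyone";)',
    # Benign: anonymous read of non-sensitive attributes.
    '(targetattr = "cn || sn || mail")(version 3.0; acl "anon names"; '
    'allow (read, search, compare) userdn = "ldap:///anyone";)',
]

if __name__ == "__main__":
    for f in audit_acis(SAMPLE_ACIS):
        print(f"ACL {f.acl_name!r} exposes {f.attribute} to ldap:///anyone")
```

To run this against a live directory, dump the `aci` attribute of the relevant entries as Directory Manager (for example `ldapsearch -LLL -b dc=example,dc=test '(objectClass=*)' aci`) and feed each value to `audit_aci`. The check is deliberately conservative in one direction only: it ignores `deny` clauses and ACIs on parent entries, so a hit is a candidate to confirm with an actual anonymous `ldapsearch` for the attribute, which is exactly the query CVE-2008-3274 describes.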