Vulmon
freeipa freeipa vulnerabilities and exploits
EPSS: 0.002
CVE-2017-11191
FreeIPA 4.x with API version 2.213 allows remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. NOTE: Vendor states that issue does not exi...
Freeipa Freeipa 4.0.0
Freeipa Freeipa 4.0.1
Freeipa Freeipa 4.0.2
Freeipa Freeipa 4.0.3
Freeipa Freeipa 4.0.4
Freeipa Freeipa 4.0.5
Freeipa Freeipa 4.1.0
Freeipa Freeipa 4.1.1
Freeipa Freeipa 4.1.2
Freeipa Freeipa 4.1.3
Freeipa Freeipa 4.1.4
Freeipa Freeipa 4.2.0
EPSS: 0.002
CVE-2014-7850
Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x prior to 4.1.2 allows remote malicious users to inject arbitrary web script or HTML via vectors related to breadcrumb navigation.
Freeipa Freeipa 4.0.0
Freeipa Freeipa 4.0.1
Freeipa Freeipa 4.0.2
Freeipa Freeipa 4.0.3
Freeipa Freeipa 4.0.4
Freeipa Freeipa 4.0.5
Freeipa Freeipa 4.1.0
Freeipa Freeipa 4.1.1
EPSS: 0.006
CVE-2014-7828
FreeIPA 4.0.x prior to 4.0.5 and 4.1.x prior to 4.1.1, when 2FA is enabled, allows remote malicious users to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind.
Freeipa Freeipa 4.0.0
Freeipa Freeipa 4.0.1
Freeipa Freeipa 4.0.2
Freeipa Freeipa 4.0.3
Freeipa Freeipa 4.0.4
Freeipa Freeipa 4.1.1
EPSS: 0.001
CVE-2011-3636
Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA prior to 2.1.4 allows remote malicious users to hijack the authentication of administrators for requests that make configuration changes.
Redhat Freeipa
Redhat Freeipa 0.99
Redhat Freeipa 0.99698-20080228
Redhat Freeipa 0.99698641-20080218
Redhat Freeipa 1.0.0
Redhat Freeipa 1.1.0
Redhat Freeipa 1.1.1
Redhat Freeipa 1.2.0
Redhat Freeipa 1.2.1
Redhat Freeipa 1.2.2
Redhat Freeipa 1.9.0
Redhat Freeipa 2.0.0
EPSS: 0.008
CVE-2024-2698
A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() funct...
Freeipa Freeipa
Freeipa Freeipa 4.12.0
EPSS: 0.005
CVE-2012-5484
The client in FreeIPA 2.x and 3.x prior to 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle malicious users to spoof a join procedure via a crafted certificate.
Redhat Freeipa 2.0.0
Redhat Freeipa 2.0.1
Redhat Freeipa 2.1.0
Redhat Freeipa 2.1.1
Redhat Freeipa 2.1.3
Redhat Freeipa 2.1.4
Redhat Freeipa 2.2.1
Redhat Freeipa 3.0.0
Redhat Freeipa 3.0.1
Redhat Freeipa 3.0.2
Redhat Freeipa 3.1.1
EPSS: 0.012
CVE-2013-0336
The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA prior to 3.2.0 allows remote malicious users to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 d...
Redhat Freeipa
Redhat Freeipa 3.0.0
Redhat Freeipa 3.0.1
Redhat Freeipa 3.0.2
Redhat Freeipa 3.1.1
Redhat Freeipa 3.1.2
Redhat Freeipa 3.1.3
Redhat Freeipa 3.1.4
EPSS: 0.004
CVE-2013-0199
The default LDAP ACIs in FreeIPA 3.0 prior to 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allows remote malicious users to obtain the Cross-Realm Kerberos Trust key via unspecified vectors.
Redhat Freeipa 3.0.0
Redhat Freeipa 3.0.1
Redhat Freeipa 3.0.2
Redhat Freeipa 3.1.1
EPSS: 0.003
CVE-2015-5284
ipa-kra-install in FreeIPA prior to 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable.
Freeipa Freeipa
EPSS: 0.001
CVE-2015-5179
FreeIPA might display user data improperly via vectors involving non-printable characters.
Freeipa Freeipa