The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA prior to 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote malicious users to obtain the Kerberos master key via an anonymous LDAP query.
| Vulnerable Product |
|---|
| redhat freeipa |
| redhat freeipa 0.99 |
| redhat enterprise ipa 1.0.0 |
| redhat freeipa 1.0.0 |
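
The misconfiguration described above can be checked for by auditing a directory's ACIs. The following is an added example, not code from FreeIPA or from this advisory. It assumes ACIs written in 389 Directory Server syntax, which FreeIPA's LDAP backend uses; the sample ACIs are constructed and the function names are hypothetical.

```python
import re

# Constructed sample ACIs in 389 Directory Server syntax; they are not
# copied from any FreeIPA or Enterprise IPA release.
SAMPLE_ACIS = [
    '(targetattr != "userPassword || krbPrincipalKey")(version 3.0; '
    'acl "anon read"; allow (read, search, compare) userdn = "ldap:///anyone";)',
    '(targetattr != "userPassword || krbPrincipalKey || krbMKey")(version 3.0; '
    'acl "anon read fixed"; allow (read, search, compare) '
    'userdn = "ldap:///anyone";)',
    '(targetattr = "krbMKey")(version 3.0; acl "kdc only"; allow (read) '
    'userdn = "ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=example,dc=com";)',
    '(targetattr = "*")(version 3.0; acl "wide open"; allow (all) '
    'userdn = "ldap:///anyone";)',
]

TARGETATTR = re.compile(r'\(\s*targetattr\s*(!?=)\s*"([^"]*)"\s*\)', re.I)
PERMISSION = re.compile(r'\b(allow|deny)\s*\(([^)]*)\)\s*([^;]*);', re.I)
USERDN = re.compile(r'userdn\s*=\s*"([^"]*)"', re.I)

def covers_attr(aci, attr):
    """True if the ACI's targetattr clause includes attr."""
    m = TARGETATTR.search(aci)
    if m is None:
        # Assumption of this sketch: ACIs without targetattr are skipped;
        # review those by hand.
        return False
    op, value = m.groups()
    names = {n.strip().lower() for n in value.split("||")}
    listed = attr.lower() in names or "*" in names
    # "=" lists the covered attributes; "!=" lists the excluded ones.
    return listed if op == "=" else not listed

def anonymous_read_exposes(aci, attr="krbMKey"):
    """True if the ACI lets ldap:///anyone read attr."""
    if not covers_attr(aci, attr):
        return False
    for kind, rights, bind in PERMISSION.findall(aci):
        granted = {r.strip().lower() for r in rights.split(",")}
        m = USERDN.search(bind)
        if kind.lower() == "allow" and granted & {"read", "all"} and m:
            if any(u.strip().lower() == "ldap:///anyone"
                   for u in m.group(1).split("||")):
                return True
    return False

if __name__ == "__main__":
    for aci in SAMPLE_ACIS:
        print(anonymous_read_exposes(aci), aci[:60])
```

The exclusion-style `targetattr !=` form is the case worth watching: any attribute not named in the list, including a newly added sensitive one, is covered by the ACI.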