The default LDAP ACIs in FreeIPA 3.0 prior to 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote malicious users to obtain the Cross-Realm Kerberos Trust key via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat freeipa 3.0.0 |
||
redhat freeipa 3.0.1 |
||
redhat freeipa 3.0.2 |
||
redhat freeipa 3.1.1 |