FreeIPA 4.0.x prior to 4.0.5 and 4.1.x prior to 4.1.1, when 2FA is enabled, allows remote malicious users to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
freeipa freeipa 4.0.0 |
||
freeipa freeipa 4.0.1 |
||
freeipa freeipa 4.0.2 |
||
freeipa freeipa 4.0.3 |
||
freeipa freeipa 4.0.4 |
||
freeipa freeipa 4.1.1 |