CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2016-9575 – ipa: Insufficient permission check in certprofile-mod
https://notcve.org/view.php?id=CVE-2016-9575
02 Jan 2017 — Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks. Ipa en versiones 4.2.x, 4.3.x anteriores a la 4.3.3 y 4.4.x anteriores a la 4.4.3 no comprobaba correctamente los permisos de u... • http://rhn.redhat.com/errata/RHSA-2017-0001.html • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2015-1827 – ipa: memory corruption when using get_user_grouplist()
https://notcve.org/view.php?id=CVE-2015-1827
26 Mar 2015 — The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups. La función get_user_grouplist en el plug-in extdom en FreeIPA en versiones anteriores a 4.1.4 no reasigna memoria correctamente cuando procesa las cuentas de usuarios, lo que permite a atacantes remotos causar denegación d... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154314.html • CWE-19: Data Processing Errors CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2014-7850
https://notcve.org/view.php?id=CVE-2014-7850
28 Nov 2014 — Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation. Vulnerabilidad de XSS en la IU Web en FreeIPA 4.x anterior a 4.1.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con la navegación 'breadcrumb'. • http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144848.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 0%CPEs: 6EXPL: 0CVE-2014-7828
https://notcve.org/view.php?id=CVE-2014-7828
19 Nov 2014 — FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind. FreeIPA 4.0.x anterior a 4.0.5 y 4.1.x anterior a 4.1.1, cuando 2FA está activado, permite a atacantes remotos evadir la contraseña requerida por la autenticación de dos factores aprovechando un token OTP habilitado, lo que provoca un bind anónimo. • http://lists.fedoraproject.org/pipermail/package-announce/2014-November/143000.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 1CVE-2013-0336
https://notcve.org/view.php?id=CVE-2013-0336
03 Nov 2014 — The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server. La función ipapwd_chpwop en daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c en el servidor del directorio (dirsrv) en FreeIPA anterior a 3.2.0 permite a atacantes remotos causar una denegación de servicio (caída) a ... • http://secunia.com/advisories/52763 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2013-0199
https://notcve.org/view.php?id=CVE-2013-0199
29 May 2014 — The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors. Las instrucciones de control de acceso LDAP por defecto en FreeIPA 3.0 anterior a 3.1.2 no restringen acceso a los atributos (1) ipaNTTrustAuthIncoming y (2) ipaNTTrustAuthOutgoing, lo que permite a atacantes remotos obtener la clave Cross-Realm Kerberos Trust a ... • http://osvdb.org/89539 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.9EPSS: 0%CPEs: 11EXPL: 0CVE-2012-5484 – ipa: weakness when initiating join from IPA client can potentially compromise IPA domain
https://notcve.org/view.php?id=CVE-2012-5484
27 Jan 2013 — The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate. El cliente FreeIPA v2.x y v3.x anterior a v3.1.2 no obtiene de forma adecuada el certificado Certification Authority (CA) del servidor, lo que permite ataques man-in-the-middle para falsear el procedimiento de conexión a través de un certificado manipulado. • http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=18eea90ebb24a9c22248f0b7e18646cc6e3e3e0f • CWE-310: Cryptographic Issues •
CVSS: 8.8EPSS: 0%CPEs: 27EXPL: 0CVE-2011-3636 – FreeIPA: CSRF vulnerability
https://notcve.org/view.php?id=CVE-2011-3636
08 Dec 2011 — Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes. Vulnerabilidad de falsificación de petición en sitios cruzados en el interfaz de gestión en FreeIPA antes de v2.1.4, permite a atacantes no identificados secuestrar la autenticación de administradores para peticiones que realizan cambios de configuración. • http://freeipa.org/page/IPAv2_214 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2008-3274 – IPA Kerberos master password disclosure
https://notcve.org/view.php?id=CVE-2008-3274
12 Sep 2008 — The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query. La configuración por defecto de Red Hat Enterprise IPA versión 1.0.0 y FreeIPA versiones anteriores a 1.1.1 pone ldap:///anyone en la ACL de lectura para el atributo krbMKey, lo que permite a atacantes remotos obtener la clave maestra de Kerberos utilizando una consulta ... • http://git.fedorahosted.org/git/freeipa.git/?p=freeipa.git%3Ba=commit%3Bh=9932887f2af38b9701efec27707648c026ec445c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •