CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2008-3274 – IPA Kerberos master password disclosure
https://notcve.org/view.php?id=CVE-2008-3274
The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query. La configuración por defecto de Red Hat Enterprise IPA versión 1.0.0 y FreeIPA versiones anteriores a 1.1.1 pone ldap:///anyone en la ACL de lectura para el atributo krbMKey, lo que permite a atacantes remotos obtener la clave maestra de Kerberos utilizando una consulta LDAP anónima. • http://git.fedorahosted.org/git/freeipa.git/?p=freeipa.git%3Ba=commit%3Bh=9932887f2af38b9701efec27707648c026ec445c http://rhn.redhat.com/errata/RHSA-2008-0860.html http://secunia.com/advisories/31861 http://www.freeipa.org/page/CVE-2008-3274 http://www.freeipa.org/page/Downloads http://www.freeipa.org/page/News http://www.securityfocus.com/bid/31111 http://www.securitytracker.com/id?1020850 https://bugzilla.redhat.com/show_bug.cgi?id=457835 https://www.redhat.com/archives/fedo • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •