CVE-2023-5455 – Ipa: invalid csrf protection
https://notcve.org/view.php?id=CVE-2023-5455
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt. • https://access.redhat.com/errata/RHSA-2024:0137 https://access.redhat.com/errata/RHSA-2024:0138 https://access.redhat.com/errata/RHSA-2024:0139 https://access.redhat.com/errata/RHSA-2024:0140 https://access.redhat.com/errata/RHSA-2024:0141 https://access.redhat.com/errata/RHSA-2024:0142 https://access.redhat.com/errata/RHSA-2024:0143 https://access.redhat.com/errata/RHSA-2024:0144 https://access.redhat.com/errata/RHSA-2024:0145 https://access.redhat.com/errata/RHSA • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2020-1722 – ipa: No password length restriction leads to denial of service
https://notcve.org/view.php?id=CVE-2020-1722
A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability. Se encontró un fallo en todas las versiones de ipa 4.x.x hasta 4.8.0. Cuando se envía una contraseña muy larga al servidor (mayores o iguales a 1,000,000 caracteres), el proceso de hashing de contraseña podría agotar la memoria y la CPU, conllevando a una denegación de servicio y el sitio web dejaría de responder. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1722 https://access.redhat.com/security/cve/CVE-2020-1722 https://bugzilla.redhat.com/show_bug.cgi?id=1793071 • CWE-400: Uncontrolled Resource Consumption •
CVE-2012-5631
https://notcve.org/view.php?id=CVE-2012-5631
ipa 3.0 does not properly check server identity before sending credential containing cookies ipa versión 3.0, no comprueba apropiadamente la identidad del servidor antes de enviar credenciales que contienen cookies. • http://www.securityfocus.com/bid/56919 https://access.redhat.com/security/cve/cve-2012-5631 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5631 https://exchange.xforce.ibmcloud.com/vulnerabilities/80784 • CWE-565: Reliance on Cookies without Validation and Integrity Checking •
CVE-2015-5284
https://notcve.org/view.php?id=CVE-2015-5284
ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable. ipa-kra-install en FreeIPA en versiones anteriores a la 4.2.2 coloca el certificado de agente CA y la clave privada en /etc/httpd/alias/kra-agent.pem, que puede leer todo el mundo. • https://bugzilla.redhat.com/attachment.cgi?id=1075511 https://bugzilla.redhat.com/show_bug.cgi?id=1264790 https://pagure.io/freeipa/issue/5347 https://www.redhat.com/archives/freeipa-interest/2015-October/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-5179
https://notcve.org/view.php?id=CVE-2015-5179
FreeIPA might display user data improperly via vectors involving non-printable characters. FreeIPA podría mostrar de forma incorrecta datos de usuario mediante vectores que incluyen caracteres que no se pueden imprimir. • https://bugzilla.redhat.com/show_bug.cgi?id=1252567 https://pagure.io/freeipa/issue/5153 • CWE-20: Improper Input Validation •