17 results (0.006 seconds)

CVSS: 6.5EPSS: 0%CPEs: 59EXPL: 0

CVE-2023-5455 – Ipa: invalid csrf protection

https://notcve.org/view.php?id=CVE-2023-5455

A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt. • https://access.redhat.com/errata/RHSA-2024:0137 https://access.redhat.com/errata/RHSA-2024:0138 https://access.redhat.com/errata/RHSA-2024:0139 https://access.redhat.com/errata/RHSA-2024:0140 https://access.redhat.com/errata/RHSA-2024:0141 https://access.redhat.com/errata/RHSA-2024:0142 https://access.redhat.com/errata/RHSA-2024:0143 https://access.redhat.com/errata/RHSA-2024:0144 https://access.redhat.com/errata/RHSA-2024:0145 https://access.redhat.com/errata/RHSA • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0

CVE-2020-1722 – ipa: No password length restriction leads to denial of service

https://notcve.org/view.php?id=CVE-2020-1722

A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability. Se encontró un fallo en todas las versiones de ipa 4.x.x hasta 4.8.0. Cuando se envía una contraseña muy larga al servidor (mayores o iguales a 1,000,000 caracteres), el proceso de hashing de contraseña podría agotar la memoria y la CPU, conllevando a una denegación de servicio y el sitio web dejaría de responder. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1722 https://access.redhat.com/security/cve/CVE-2020-1722 https://bugzilla.redhat.com/show_bug.cgi?id=1793071 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0

CVE-2012-5631

https://notcve.org/view.php?id=CVE-2012-5631

ipa 3.0 does not properly check server identity before sending credential containing cookies ipa versión 3.0, no comprueba apropiadamente la identidad del servidor antes de enviar credenciales que contienen cookies. • http://www.securityfocus.com/bid/56919 https://access.redhat.com/security/cve/cve-2012-5631 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5631 https://exchange.xforce.ibmcloud.com/vulnerabilities/80784 • CWE-565: Reliance on Cookies without Validation and Integrity Checking •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-12169

https://notcve.org/view.php?id=CVE-2017-12169

It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password hashes belonging to active standard users. NOTE: some developers feel that this report is a suggestion for a design change to Stage User activation, not a statement of a vulnerability. Se ha descubierto que FreeIPA, en versiones 4.2.0 y siguientes, podría revelar hashes de contraseña a los usuarios que tengan el permiso "System: Read Stage Users". • http://www.securityfocus.com/bid/102136 https://bugzilla.redhat.com/show_bug.cgi?id=1487697 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-5284

https://notcve.org/view.php?id=CVE-2015-5284

ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable. ipa-kra-install en FreeIPA en versiones anteriores a la 4.2.2 coloca el certificado de agente CA y la clave privada en /etc/httpd/alias/kra-agent.pem, que puede leer todo el mundo. • https://bugzilla.redhat.com/attachment.cgi?id=1075511 https://bugzilla.redhat.com/show_bug.cgi?id=1264790 https://pagure.io/freeipa/issue/5347 https://www.redhat.com/archives/freeipa-interest/2015-October/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •