5 results (0.027 seconds)

CVSS: 6.5EPSS: 0%CPEs: 59EXPL: 0

A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt. • https://access.redhat.com/errata/RHSA-2024:0137 https://access.redhat.com/errata/RHSA-2024:0138 https://access.redhat.com/errata/RHSA-2024:0139 https://access.redhat.com/errata/RHSA-2024:0140 https://access.redhat.com/errata/RHSA-2024:0141 https://access.redhat.com/errata/RHSA-2024:0142 https://access.redhat.com/errata/RHSA-2024:0143 https://access.redhat.com/errata/RHSA-2024:0144 https://access.redhat.com/errata/RHSA-2024:0145 https://access.redhat.com/errata/RHSA • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0

A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability. Se encontró un fallo en todas las versiones de ipa 4.x.x hasta 4.8.0. Cuando se envía una contraseña muy larga al servidor (mayores o iguales a 1,000,000 caracteres), el proceso de hashing de contraseña podría agotar la memoria y la CPU, conllevando a una denegación de servicio y el sitio web dejaría de responder. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1722 https://access.redhat.com/security/cve/CVE-2020-1722 https://bugzilla.redhat.com/show_bug.cgi?id=1793071 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

FreeIPA might display user data improperly via vectors involving non-printable characters. FreeIPA podría mostrar de forma incorrecta datos de usuario mediante vectores que incluyen caracteres que no se pueden imprimir. • https://bugzilla.redhat.com/show_bug.cgi?id=1252567 https://pagure.io/freeipa/issue/5153 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 31EXPL: 0

FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. NOTE: Vendor states that issue does not exist in product and does not recognize this report as a valid security concern ** EN DISPUTA ** Las versiones 4.x de FreeIPA que tengan la versión 2.213 de la API permiten que usuarios autenticados remotos omitan las restricciones de bloqueo de cuenta previstas mediante una acción de desbloqueo con un ID de sesión antiguo (para la misma cuenta de usuario) que se había creado para una sesión anterior. NOTA: El fabricante afirma que no existe este problema en este producto y no reconoce este informe como un problema de seguridad válido. FreeIPA version 2.213 suffers from a session hijacking vulnerability. • http://packetstormsecurity.com/files/143532/FreeIPA-2.213-Session-Hijacking.html • CWE-384: Session Fixation •

CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0

Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks. Ipa en versiones 4.2.x, 4.3.x anteriores a la 4.3.3 y 4.4.x anteriores a la 4.4.3 no comprobaba correctamente los permisos de usuario cuando se modificaban los perfiles de certificados en el comando certprofile-mod de IdM. Un atacante autenticado sin privilegios podría utilizar este fallo para modificar perfiles y enviar certificados con nombres arbitrarios o información de uso de claves y, como consecuencia, utilizar dichos certificados para otros ataques. It was found that IdM's certprofile-mod command did not properly check the user's permissions while modifying certificate profiles. • http://rhn.redhat.com/errata/RHSA-2017-0001.html http://www.securityfocus.com/bid/95068 https://bugzilla.redhat.com/show_bug.cgi?id=1395311 https://access.redhat.com/security/cve/CVE-2016-9575 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •