// For flags

CVE-2017-12169

 

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password hashes belonging to active standard users. NOTE: some developers feel that this report is a suggestion for a design change to Stage User activation, not a statement of a vulnerability.

Se ha descubierto que FreeIPA, en versiones 4.2.0 y siguientes, podría revelar hashes de contraseña a los usuarios que tengan el permiso "System: Read Stage Users". Un atacante remoto autenticado podría emplear este error para revelar los hashes de contraseña que pertenecen a los usuarios Stage. Este problema de seguridad no resulta en la revelación de hashes de contraseña que pertenecen a usuarios estándar activos. NOTA: algunos desarrolladores creen que este informe es una sugerencia de cambio de diseño de la activación Stage User, no una declaración de vulnerabilidad.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-08-01 CVE Reserved
  • 2018-01-10 CVE Published
  • 2023-12-21 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (2)
URL Tag Source
http://www.securityfocus.com/bid/102136 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1487697 Issue Tracking
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Freeipa
Search vendor "Freeipa"
 Freeipa
Search vendor "Freeipa" for product "Freeipa"
 >= 4.2.0
Search vendor "Freeipa" for product "Freeipa" and version " >= 4.2.0"
-
Affected