Unrated severityNVD Advisory· Published May 29, 2014· Updated May 6, 2026

CVE-2013-0199

Description

The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors.

Affected products

Red Hat/Freeipa4 versions
cpe:2.3:a:redhat:freeipa:3.0.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:redhat:freeipa:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:freeipa:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:freeipa:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:freeipa:3.1.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.freeipa.org/page/CVE-2013-0199nvdPatchVendor Advisory
osvdb.org/89539nvd
www.freeipa.org/page/Releases/3.1.2nvd
www.securityfocus.com/bid/57542nvd
exchange.xforce.ibmcloud.com/vulnerabilities/81486nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000