High severity8.8NVD Advisory· Published Sep 28, 2017· Updated May 13, 2026
CVE-2017-11191
CVE-2017-11191
Description
FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. NOTE: Vendor states that issue does not exist in product and does not recognize this report as a valid security concern
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- packetstormsecurity.com/files/143532/FreeIPA-2.213-Session-Hijacking.htmlnvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.