VYPR

IPA

by Red Hat

CVEs (3)

  • CVE-2012-5631HigNov 25, 2019
    risk 0.57cvss 8.8epss 0.02

    ipa 3.0 does not properly check server identity before sending credential containing cookies

  • CVE-2023-5455MedJan 10, 2024
    risk 0.42cvss 6.5epss 0.01

    A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system…

  • CVE-2020-1722MedApr 27, 2020
    risk 0.35cvss 5.3epss 0.01

    A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat…