Ipa
by Freeipa
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-12169 | | High | 0.49 | 7.5 | 0.02 | | Jan 10, 2018 | It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does… |
| CVE-2016-9575 | | Medium | 0.41 | 6.3 | 0.01 | | Mar 13, 2018 | Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates… |
| CVE-2020-1722 | | | 0.00 | — | 0.01 | | Apr 27, 2020 | A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat… |
| CVE-2012-5631 | | | 0.00 | — | 0.02 | | Nov 25, 2019 | ipa 3.0 does not properly check server identity before sending credential containing cookies |