VYPR

Ipa

by Freeipa

CVEs (4)

  • CVE-2017-12169HigJan 10, 2018
    risk 0.49cvss 7.5epss 0.02

    It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does…

  • CVE-2016-9575MedMar 13, 2018
    risk 0.41cvss 6.3epss 0.01

    Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates…

  • CVE-2020-1722Apr 27, 2020
    risk 0.00cvss epss 0.01

    A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat…

  • CVE-2012-5631Nov 25, 2019
    risk 0.00cvss epss 0.02

    ipa 3.0 does not properly check server identity before sending credential containing cookies