Filtered by vendor Redhat
Subscriptions
Filtered by product Freeipa
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3274 | 1 Redhat | 2 Enterprise Ipa, Freeipa | 2023-02-13 | N/A |
| The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query. | ||||
| CVE-2011-3636 | 1 Redhat | 1 Freeipa | 2023-02-13 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes. | ||||
| CVE-2013-0336 | 1 Redhat | 1 Freeipa | 2017-08-29 | N/A |
| The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server. | ||||
| CVE-2013-0199 | 1 Redhat | 1 Freeipa | 2017-08-29 | N/A |
| The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors. | ||||
| CVE-2012-5484 | 1 Redhat | 1 Freeipa | 2013-02-07 | N/A |
| The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate. | ||||
Page 1 of 1.