PYSEC-2014-100

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/freeipa/PYSEC-2014-100.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2014-100
Withdrawn
2024-11-22T04:37:04Z
Published
2014-05-29T14:19:00Z
Modified
2024-11-21T14:22:50.537629Z
Summary
[none]
Details

The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allows remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors.

References

Affected packages

PyPI / freeipa

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

4.*
4.4.0.dev1
4.5.0
4.5.2
4.5.4
4.6.1
4.6.2
4.6.3
4.6.4
4.6.5
4.6.7
4.7.0
4.7.1
4.7.2
4.7.4
4.7.5
4.8.0rc1
4.8.0
4.8.1
4.8.2
4.8.3
4.8.5
4.8.6
4.8.7
4.8.9
4.9.12
4.10.2
4.12.2

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/freeipa/PYSEC-2014-100.yaml"