PYSEC-2014-101

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/freeipa/PYSEC-2014-101.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2014-101
Withdrawn
2024-11-22T04:37:04Z
Published
2014-11-19T18:59:00Z
Modified
2024-11-21T14:22:50.589801Z
Summary
[none]
Details

FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind.

References

Affected packages

PyPI / freeipa

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*
4.4.0.dev1
4.5.0
4.5.2
4.5.4
4.6.1
4.6.2
4.6.3
4.6.4
4.6.5
4.6.7
4.7.0
4.7.1
4.7.2
4.7.4
4.7.5
4.8.0rc1
4.8.0
4.8.1
4.8.2
4.8.3
4.8.5
4.8.6
4.8.7
4.8.9
4.9.12
4.10.2
4.12.2

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/freeipa/PYSEC-2014-101.yaml"