PYSEC-2014-103

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/ipa/PYSEC-2014-103.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2014-103

Withdrawn

2024-11-22T04:37:04Z

Published

2014-05-29T14:19:00Z

Modified

2024-11-21T14:22:51.957056Z

Summary

[none]

Details

The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors.

References

Affected packages

PyPI / ipa

Package

Name: ipa; View open source insights on deps.dev
Purl: pkg:pypi/ipa

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.4.0.dev1

4.5.0

4.5.2

4.5.4

4.6.2

4.6.3

4.6.4

4.6.5

4.6.7

4.7.0

4.7.1

4.7.2

4.7.4

4.7.5

4.8.0rc1

4.8.0

4.8.1

4.8.2

4.8.3

4.8.5

4.8.6

4.8.7

4.8.9

4.9.12

4.10.2

4.12.2

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/ipa/PYSEC-2014-103.yaml"