FreeIPA: Security Vulnerabilities

FreeIPA 4.x with API version 2.213 allows remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. NOTE: the vendor states that the issue does not exist in the product and does not recognize this report as a valid security concern.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2017-09-28

ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2017-09-21

FreeIPA might display user data improperly via vectors involving non-printable characters.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2017-09-20

FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account under which system services run.
CVSS Score: 7.5 | EPSS Score: 0.015 | Published: 2017-08-28

FreeIPA 4.4.0 allows remote attackers to request an arbitrary Subject Alternative Name (SAN) for services.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2017-06-27

The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.
CVSS Score: 6.5 | EPSS Score: 0.007 | Published: 2016-09-07

The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups.
CVSS Score: 5.0 | EPSS Score: 0.012 | Published: 2015-03-30

Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation.
CVSS Score: 4.3 | EPSS Score: 0.004 | Published: 2014-11-28

FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication by leveraging an enabled OTP token, which triggers an anonymous bind.
CVSS Score: 3.5 | EPSS Score: 0.004 | Published: 2014-11-19

Shodan ® - All rights reserved