Описание
The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query.
Дополнительная информация
Статус:
Important
https://bugzilla.redhat.com/show_bug.cgi?id=457835IPA Kerberos master password disclosure
EPSS
Процентиль: 72%
0.00721
Низкий
Связанные уязвимости
nvd
около 17 лет назад
The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query.
github
больше 3 лет назад
The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query.
EPSS
Процентиль: 72%
0.00721
Низкий