Description
FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account under which system services run.
It was discovered that the default IdM password policies that lock out accounts after a certain number of failed login attempts were also applied to host and service accounts. A remote unauthenticated user could use this flaw to cause a denial of service attack against kerberized services.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | ipa | Will not fix | | |
| Red Hat Enterprise Linux 7 | ipa | Fixed | RHSA-2017:0001 | 02.01.2017 |
Additional information
Status:
EPSS
CVSS3: 7.5 High
CVSS2: 4.3 Medium