Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-12169

Опубликовано: 06 дек. 2017
Источник: redhat
CVSS3: 2.7
EPSS Низкий

Описание

It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password hashes belonging to active standard users. NOTE: some developers feel that this report is a suggestion for a design change to Stage User activation, not a statement of a vulnerability.

It was found that IPA could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password hashes belonging to active standard users.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6ipaNot affected
Red Hat Enterprise Linux 7ipaAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1487697ipa: Password hash disclosure via 'System: Read Stage Users' permission

EPSS

Процентиль: 44%
0.00219
Низкий

2.7 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-12169

CVSS3: 7.5
ubuntu
около 8 лет назад

It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password hashes belonging to active standard users. NOTE: some developers feel that this report is a suggestion for a design change to Stage User activation, not a statement of a vulnerability.

nvd логотип

CVE-2017-12169

CVSS3: 7.5
nvd
около 8 лет назад

It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password hashes belonging to active standard users. NOTE: some developers feel that this report is a suggestion for a design change to Stage User activation, not a statement of a vulnerability.

debian логотип

CVE-2017-12169

CVSS3: 7.5
debian
около 8 лет назад

It was found that FreeIPA 4.2.0 and later could disclose password hash ...

github логотип

GHSA-8qm6-jxp9-c775

CVSS3: 7.5
github
больше 3 лет назад

It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password hashes belonging to active standard users. NOTE: some developers feel that this report is a suggestion for a design change to Stage User activation, not a statement of a vulnerability.

fstec логотип

BDU:2025-05018

CVSS3: 7.5
fstec
около 9 лет назад

Уязвимость сервера FreeIpa, связанная с недостаточной защитой служебных данных, позволяющая нарушителю обойти существующие ограничения безопасности и раскрыть защищаемую информацию

EPSS

Процентиль: 44%
0.00219
Низкий

2.7 Low

CVSS3