Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Red Hat FreeIPA 信息泄露漏洞
Vulnerability Description
Red Hat FreeIPA是美国红帽(Red Hat)公司的一套集成的安全信息管理解决方案。该方案对Linux和Unix计算机网络提供了易于管理的身份、策略和审计(IPA)套件。 FreeIPA 3.1.2之前的3.0版本中的默认LDAP ACIs存在安全漏洞,该漏洞源于程序没有限制对ipaNTTrustAuthIncoming和ipaNTTrustAuthOutgoing属性的访问。远程攻击者可利用该漏洞获取Cross-Realm Kerberos Trust密钥。
CVSS Information
N/A
Vulnerability Type
N/A