Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: Red Hat IPA, obtaining the password

September 2008 by Vigil@nce

SYNTHESIS

An anonymous attacker can connect to the LDAP server and obtain the Master Password of Red Hat Enterprise IPA.

Gravity: 3/4

Consequences: administrator access/rights

Provenance: intranet client

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 11/09/2008

Identifier: VIGILANCE-VUL-8105

IMPACTED PRODUCTS

- Fedora [confidential versions]
- Red Hat Enterprise Linux [confidential versions]

DESCRIPTION

The Red Hat Enterprise IPA product centralizes the management of identities and policies.

The Master Kerberos Password is used to encrypt keys and is stored in a LDAP directory. However, the access rights to this password were not defined: an attacker can use an anonymous session to read it.

A network attacker can therefore obtain the Master Kerberos Password.

CHARACTERISTICS

Identifiers: BID-31111, CVE-2008-3274, FEDORA-2008-7987, FEDORA-2008-8003, RHSA-2008:0860-02, VIGILANCE-VUL-8105

https://vigilance.aql.fr/tree/1/8105




See previous articles

    

See next articles