Vigil@nce: Red Hat IPA, obtaining the password
September 2008 by Vigil@nce
SYNTHESIS
An anonymous attacker can connect to the LDAP server and obtain
the Master Password of Red Hat Enterprise IPA.
Gravity: 3/4
Consequences: administrator access/rights
Provenance: intranet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 11/09/2008
Identifier: VIGILANCE-VUL-8105
IMPACTED PRODUCTS
– Fedora [confidential versions]
– Red Hat Enterprise Linux [confidential versions]
DESCRIPTION
The Red Hat Enterprise IPA product centralizes the management of
identities and policies.
The Master Kerberos Password is used to encrypt keys and is stored
in a LDAP directory. However, the access rights to this password
were not defined: an attacker can use an anonymous session to read
it.
A network attacker can therefore obtain the Master Kerberos
Password.
CHARACTERISTICS
Identifiers: BID-31111, CVE-2008-3274, FEDORA-2008-7987,
FEDORA-2008-8003, RHSA-2008:0860-02, VIGILANCE-VUL-8105