The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query.
References
Configurations
Configuration 1 (hide)
|
History
13 Feb 2023, 02:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2008-09-12 16:56
Updated : 2023-12-10 10:51
NVD link : CVE-2008-3274
Mitre link : CVE-2008-3274
CVE.ORG link : CVE-2008-3274
JSON object : View
Products Affected
redhat
- enterprise_ipa
- freeipa
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor