(RHSA-2016:1797) Moderate: ipa security update

ID RHSA-2016:1797
Type redhat
Reporter RedHat
Modified 2018-06-06T20:24:29


Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

  • An insufficient permission check issue was found in the way IPA server treats certificate revocation requests. An attacker logged in with the 'retrieve certificate' permission enabled could use this flaw to revoke certificates, possibly triggering a denial of service attack. (CVE-2016-5404)

This issue was discovered by Fraser Tweedale (Red Hat).