ID RH:CVE-2017-11191 Type redhatcve Reporter redhat.com Modified 2019-10-12T00:18:37
Description
DISPUTED FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. NOTE: Vendor states that issue does not exist in product and does not recognize this report as a valid security concern.
{"id": "RH:CVE-2017-11191", "type": "redhatcve", "bulletinFamily": "info", "title": "CVE-2017-11191", "description": "** DISPUTED ** FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. NOTE: Vendor states that issue does not exist in product and does not recognize this report as a valid security concern.\n", "published": "2017-09-29T11:19:06", "modified": "2019-10-12T00:18:37", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://access.redhat.com/security/cve/cve-2017-11191", "reporter": "redhat.com", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1475851"], "cvelist": ["CVE-2017-11191"], "immutableFields": [], "lastseen": "2021-09-02T22:47:32", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-11191"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:143532"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-11191"]}], "rev": 4}, "score": {"value": 4.8, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2017-11191"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:143532"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-11191"]}]}, "exploitation": null, "vulnersScore": 4.8}, "vendorCvss": {"score": "3.1", "vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "_state": {"dependencies": 1646024606}}
{"packetstorm": [{"lastseen": "2017-08-01T14:48:50", "description": "", "published": "2017-07-27T00:00:00", "type": "packetstorm", "title": "FreeIPA 2.213 Session Hijacking", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-11191"], "modified": "2017-07-27T00:00:00", "id": "PACKETSTORM:143532", "href": "https://packetstormsecurity.com/files/143532/FreeIPA-2.213-Session-Hijacking.html", "sourceData": "`[Description] \n \nAn attacker can hijack the session to unlock the users when they has been \nlocked with his last sesiA3n. \n \n===================================================================== \n \n[Session hijacking] \n \nThis type of attack involves an adversary that exploits weaknesses in an \napplication's use of sessions in performing authentication. The advarsary \nis able to steal or manipulate an active session and use it to gain \nunathorized access to the application. \n \n===================================================================== \n \n[Vulnerability Type] \n \nSession hijacking \n \n===================================================================== \n \n[Example scenario] \n \nWe are using two users to explain it: \n \n- [DEMO1] = Locked user \n \n- [DEMO2] = Normal user \n \nThe [DEMO1] has been locked to the system and we are using the [DEMO2] \nsession to try to unlock the [DEMO1] user but we canA't because we donA't \nhave this privileges so this is correct like you can see in this screenshot. \n \nThe session hijacking occurs when we use the old session that we had used \nwith [DEMO1] user before lock it. \nThis session hasnA't been deleted/expired so you can it to unlock the \n[DEMO1] user without problem like you can see in the next evidence. \n \n===================================================================== \n \n[Vendor of Product] \n \nRedhat \n \n===================================================================== \n \n[Affected Product Code Base] \n \nFreeIPA 2.213 \n \n===================================================================== \n \n[Affected Component] \n \nAffected client web browser/Active Directory Users \n \n===================================================================== \n \n[Attack Type] \n \nRemote \n \n===================================================================== \n \n[Discoverer] \n \nRicardo Sanchez Ruiz \n \n===================================================================== \n \n[Username] \n \nrsanchezr \n \n===================================================================== \n \n[CVE] \n \nCVE-2017-11191 \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/143532/freeipa-sessionhijack.txt"}], "ubuntucve": [{"lastseen": "2022-01-22T11:56:15", "description": "** DISPUTED ** FreeIPA 4.x with API version 2.213 allows a remote\nauthenticated users to bypass intended account-locking restrictions via an\nunlock action with an old session ID (for the same user account) that had\nbeen created for an earlier session. NOTE: Vendor states that issue does\nnot exist in product and does not recognize this report as a valid security\nconcern.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-09-28T00:00:00", "type": "ubuntucve", "title": "CVE-2017-11191", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11191"], "modified": "2017-09-28T00:00:00", "id": "UB:CVE-2017-11191", "href": "https://ubuntu.com/security/CVE-2017-11191", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T12:30:58", "description": "** DISPUTED ** FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. NOTE: Vendor states that issue does not exist in product and does not recognize this report as a valid security concern.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-28T01:29:00", "type": "cve", "title": "CVE-2017-11191", "cwe": ["CWE-384"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11191"], "modified": "2017-10-11T15:36:00", "cpe": ["cpe:/a:freeipa:freeipa:4.4.4", "cpe:/a:freeipa:freeipa:4.2.4", "cpe:/a:freeipa:freeipa:4.0.2", "cpe:/a:freeipa:freeipa:4.1.4", "cpe:/a:freeipa:freeipa:4.4.3", "cpe:/a:freeipa:freeipa:4.5.0", "cpe:/a:freeipa:freeipa:4.4.2", "cpe:/a:freeipa:freeipa:4.3.3", "cpe:/a:freeipa:freeipa:4.5.1", "cpe:/a:freeipa:freeipa:4.3.2", "cpe:/a:freeipa:freeipa:4.2.1", "cpe:/a:freeipa:freeipa:4.2.3", "cpe:/a:freeipa:freeipa:4.0.0", "cpe:/a:freeipa:freeipa:4.5.3", "cpe:/a:freeipa:freeipa:4.0.4", "cpe:/a:freeipa:freeipa:4.2.0", "cpe:/a:freeipa:freeipa:4.1.1", "cpe:/a:freeipa:freeipa:4.0.1", "cpe:/a:freeipa:freeipa:4.4.1", "cpe:/a:freeipa:freeipa:4.5.2", "cpe:/a:freeipa:freeipa:4.0.5", "cpe:/a:freeipa:freeipa:4.4.0", "cpe:/a:freeipa:freeipa:4.6.1", "cpe:/a:freeipa:freeipa:4.6.0", "cpe:/a:freeipa:freeipa:4.1.2", "cpe:/a:freeipa:freeipa:4.0.3", "cpe:/a:freeipa:freeipa:4.1.3", "cpe:/a:freeipa:freeipa:4.3.1", "cpe:/a:freeipa:freeipa:4.3.0", "cpe:/a:freeipa:freeipa:4.2.2", "cpe:/a:freeipa:freeipa:4.1.0"], "id": "CVE-2017-11191", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11191", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:freeipa:freeipa:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:freeipa:freeipa:4.2.1:*:*:*:*:*:*:*"]}]}
