Lucene search
Redhat.comRH:CVE-2017-7488HistoryMay 11, 2017 - 2:00 p.m.
CVE-2017-7488
2017-05-1114:00:25
redhat.com
access.redhat.com
4
0.001 Low
EPSS
Percentile
49.1%
A flaw was found where authconfig could configure sssd in a way that treats existing and non-existing logins differently, leaking information on existence of a user. An attacker with physical or network access to the machine could enumerate users via a timing attack.
Mitigation
Possible workaround (with side-effects):
authconfig --enablesysnetauth --update
Related
oraclelinux
oraclelinux
authconfig security, bug fix, and enhancement update
2017-08-07 00:00:00
nessus
nessus
EulerOS 2.0 SP2 : authconfig (EulerOS-SA-2017-1196)
2017-09-08 00:00:00
Oracle Linux 7 : authconfig (ELSA-2017-2285)
2017-08-09 00:00:00
Fedora 26 : authconfig (2017-1fe6f25af9)
2017-07-17 00:00:00
ibm
ibm
Security Bulletin: A vulnerability in authconfig affects PowerKVM
2018-06-18 01:38:06
fedora
fedora
[SECURITY] Fedora 26 Update: authconfig-7.0.1-1.fc26
2017-06-09 19:45:56
f5
f5
K99934702 : Authconfig vulnerability CVE-2017-7488
2018-01-08 00:00:00
prion
prion
Information disclosure
2017-05-16 18:29:00
nvd
nvd
CVE-2017-7488
2017-05-16 18:29:00
openvas
openvas
RedHat Update for authconfig RHSA-2017:2285-01
2017-08-04 00:00:00
Huawei EulerOS: Security Advisory for authconfig (EulerOS-SA-2017-1195)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for authconfig (EulerOS-SA-2017-1196)
2020-01-23 00:00:00
cve
cve
CVE-2017-7488
2017-05-16 18:29:00
redhat
redhat
amazon
amazon
Medium: authconfig
2017-08-30 23:37:00
cvelist
cvelist
CVE-2017-7488
2017-05-16 18:00:00
centos
centos
authconfig security update
2017-08-24 01:36:02