
19 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in freeipa

A privilege escalation from the host to the domain vulnerability was identified in the FreeIPA project. By default, the FreeIPA package fails to validate the uniqueness of the krbCanonicalName for the admin account, allowing users to create services with the same canonical name as the REALM admin...

CVSS 9.1, AI score 7.5, EPSS 0.00293
Exploits: 1, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 1 view

Astra Linux - vulnerability in freeipa

A flaw was identified in the FreeIPA API audit; it sends the entire FreeIPA command line to journalctl. As a result, during the FreeIPA installation process, administrative user credentials—including the administrator’s password—are inadvertently leaked into the journal database. In the worst-cas...

CVSS 5.5, AI score 6, EPSS 0.00016
Exploits: 0, References: 1
Tenable Nessus
added 2026/03/18 12:00 a.m., 1 view

RockyLinux 8 : idm:DL1 (RLSA-2025:17129)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:17129 advisory. FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA CVE-2025-7493 Tenable has extracted the preceding description block directly from the...

CVSS 9.1, AI score 7.4, EPSS 0.00112
Exploits: 1, References: 3
Oracle linux
added 2025/12/05 12:00 a.m., 5 views

sssd security update

1.16.5-10.0.5.16 - krb5: disable Kerberos localauth an2ln plugin for AD/IPA Orabug: 38621159...

CVSS 8.8, AI score 7, EPSS 0.00046
Exploits: 0
OSV
added 2025/11/21 6:19 p.m., 2 views

RLSA-2025:20994 Important: ipa security update

Rocky Enterprise Software Foundation Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA...

CVSS 9.1, AI score 6.9, EPSS 0.00112
Exploits: 1, References: 2
RedHat Linux
added 2025/11/11 7:22 p.m., 4 views

FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA

A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA...

CVSS 9.1, AI score 5.7, EPSS 0.00293
Exploits: 1, References: 5
Tenable Nessus
added 2025/11/11 12:00 a.m., 1 view

RHEL 9 : ipa (RHSA-2025:20928)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:20928 advisory. Red Hat Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-base...

CVSS 9.1, AI score 5.6, EPSS 0.00112
Exploits: 1, References: 4
OSV
added 2025/10/07 5:25 p.m., 3 views

RLSA-2025:17085 Important: ipa security update

Rocky Enterprise Software Foundation Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA...

CVSS 9.1, AI score 6.6, EPSS 0.00112
Exploits: 1, References: 2
Tenable Nessus
added 2025/10/07 12:00 a.m., 3 views

Amazon Linux 2 : 389-ds-base, --advisory ALAS2-2025-3025 (ALAS-2025-3025)

The version of 389-ds-base installed on the remote host is prior to 1.3.10.2-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3025 advisory. A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to...

CVSS 9.1, AI score 8.4, EPSS 0.00112
Exploits: 1, References: 4
Rockylinux
added 2025/10/03 7:56 p.m., 2 views

ipa security update

An update is available for ipa. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky Enterprise Software Foundation Identity Management IdM is a centralized...

CVSS 9.1, AI score 7, EPSS 0.00293
Exploits: 1
Fedora
added 2025/10/03 12:53 a.m., 3 views

[SECURITY] Fedora 42 Update: freeipa-4.12.5-2.fc42

IPA is an integrated solution to provide centrally managed Identity users, hosts, services, Authentication SSO, 2FA, and Authorization host access control, SELinux user roles, services. The solution provides features for further integration with Linux based clients SUDO, automount and integration...

CVSS 9.1, AI score 6.9, EPSS 0.00112
Exploits: 1
Fedora
added 2025/10/03 12:18 a.m., 4 views

[SECURITY] Fedora 43 Update: freeipa-4.12.5-2.fc43

IPA is an integrated solution to provide centrally managed Identity users, hosts, services, Authentication SSO, 2FA, and Authorization host access control, SELinux user roles, services. The solution provides features for further integration with Linux based clients SUDO, automount and integration...

CVSS 9.1, AI score 6.9, EPSS 0.00112
Exploits: 1
Tenable Nessus
added 2025/10/02 12:00 a.m., 3 views

Fedora 42 : freeipa (2025-e41ba62ff1)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-e41ba62ff1 advisory. - CVE-2025-7493: host to admin escalation prevention: https://www.freeipa.org/release-notes/4-12-5.html - Update FreeIPA to latest fixes from ipa-4-12 branch...

CVSS 9.1, AI score 5.5, EPSS 0.00112
Exploits: 1, References: 2
OSV
added 2025/09/30 3:15 p.m., 4 views

AZL-68190 CVE-2025-7493 affecting package 389-ds-base 3.1.1-10

A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA...

CVSS 9.1, AI score 5.7, EPSS 0.00112
Exploits: 1, References: 1
Positive Technologies
added 2025/06/16 12:00 a.m., 2 views

PT-2025-34: Privilege escalation from host to domain admin in FreeIPA

The vulnerability was identified in FreeIPA, versions to 4.12.4. The discovered vulnerability allows an attacker to retrieve a Kerberos ticket for domain admin. The vulnerability allows an attacker to access and exfiltrate sensitive data. Vulnerability status: Confirmed by vendor Date of...

CVSS 9.4, AI score 7.5, EPSS 0.00293
Exploits: 1, References: 2
RedHat Linux
added 2024/06/10 2:36 p.m., 2 views

freeipa: delegation rules allow a proxy service to impersonate any user to access another target service

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the checkallowedtodelegate function: If the target service...

CVSS 8.8, AI score 5.8, EPSS 0.00555
Exploits: 0, References: 5
RedHat Linux
added 2020/11/04 1:39 a.m., 1 view

pki: Dogtag's python client does not validate certificates

A flaw was found in PKI, where the dogtag's pki.client.PKIConnection class disables the python-requests certificate validation. This flaw allows an attacker to intercept a connection between a FreeIPA client and a server, and execute an active Man-in-the-Middle attack. The highest threat from thi...

CVSS 6.8, AI score 6.7, EPSS 0.00186
Exploits: 0, References: 4
OSV
added 2019/11/27 8:15 a.m., 1 view

DEBIAN-CVE-2019-10195

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with...

CVSS 6.5, AI score 6.6, EPSS 0.00649
Exploits: 0, References: 1
RedHat Linux
added 2008/09/10 6:08 p.m., 0 views

No title provided

The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query...

CVSS 5, AI score 5.9, EPSS 0.00721
Exploits: 1, References: 3