Openfire has potential identity spoofing issue via unsafe CN parsing

Summary Identity spoofing in X.509 client certificate authentication in Openfire allows internal attackers to impersonate other users via crafted certificate subject attributes, due to regex-based extraction of CN from an unescaped, provider-dependent DN string. Analysis Openfire’s SASL EXTERNAL...

CVE-2025-59154

Openfire’s SASL EXTERNAL client TLS authentication uses X509Certificate.getSubjectDN().getName() with a regex to extract CN, producing a provider-dependent string that can fail to escape characters. This allows crafted DN values (e.g., OU="CN=admin,") to masquerade as another user by spoofing the...

sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

A vulnerability was found in SSSD, in the libssscertmap functionality. PKINIT enables a client to authenticate to the KDC using an X.509 certificate and the corresponding private key, rather than a passphrase or keytab. FreeIPA uses mapping rules to map a certificate presented during a PKINIT...

sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

A vulnerability was found in SSSD, in the libssscertmap functionality. PKINIT enables a client to authenticate to the KDC using an X.509 certificate and the corresponding private key, rather than a passphrase or keytab. FreeIPA uses mapping rules to map a certificate presented during a PKINIT...

sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

A vulnerability was found in SSSD, in the libssscertmap functionality. PKINIT enables a client to authenticate to the KDC using an X.509 certificate and the corresponding private key, rather than a passphrase or keytab. FreeIPA uses mapping rules to map a certificate presented during a PKINIT...

KB5014991: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2012

KB5014991: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2012 Summary This update includes improvements for the following issue: Addresses a known issue that might cause authentication failures for some services on a server o...

KB5014986: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2012 R2

KB5014986: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2012 R2 Summary This update includes improvements for the following issue: Addresses a known issue that might cause authentication failures for some services on a serve...

KB5014990: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2008 SP2

KB5014990: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2008 SP2 Summary This update includes improvements for the following issue: Addresses a known issue that might cause authentication failures for some services on a serv...