2 matches found
CVE-2017-11191
Summary: CVE-2017-11191 affects FreeIPA 4.x with API version 2.213, where a remote authenticated user can bypass account-locking by performing an unlock action using an old session ID for the same user. The vulnerability is described as a session hijacking/unlock bypass risk rooted in how unlocks...
FreeIPA 2.213 Session Hijacking
Description An attacker can hijack the session to unlock the users when they has been locked with his last sesiA3n. ===================================================================== Session hijacking This type of attack involves an adversary that exploits weaknesses in an application's use of...