2 matches found
Design/Logic Flaw
A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if...
PT-2014-3474 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.4.2 Description: The issue allows remote attackers to hijack web sessions. This is achieved via the session id cookie. Recommendations: For versions prior to 1.4.2, update to version 1.4.2 or later to resolve the...