EUVD-2021-26816

Malware in sbrugna...

foreman: possible man-in-the-middle in smart_proxy realm_freeipa

A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if...

Design/Logic Flaw

A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if...

PT-2021-20784 · Foreman +1 · Foreman +1

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 2.5.0 Description: A flaw in the smart proxy of Foreman, which provides a restful API to various sub-systems, can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL...