
12 matches found

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2016-10381

Malware in sbrugna...

CVSS 6.5 · AI score 6.4 · EPSS 0.00272
Exploits 0 · References 8
RedHat Linux
added 2024/01/10 1:48 p.m. · 2 views

ipa: Invalid CSRF protection

A Cross-site request forgery vulnerability exists in ipa/session/loginpassword in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During...

CVSS 6.5 · AI score 5.8 · EPSS 0.00304
Exploits 0 · References 8
RedHat Linux
added 2024/01/10 1:42 p.m. · 4 views

ipa: Invalid CSRF protection

A Cross-site request forgery vulnerability exists in ipa/session/loginpassword in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During...

CVSS 6.5 · AI score 5.8 · EPSS 0.00304
Exploits 0 · References 8
Tenable Nessus
added 2023/11/06 12:00 a.m. · 33 views

Rocky Linux 8 : idm:DL1 and idm:client (RLSA-2020:4670)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4670 advisory. - jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causi...

CVSS 6.9 · AI score 6.7 · EPSS 0.18007
Exploits 17 · References 71
OSV
added 2020/04/27 9:15 p.m. · 17 views

CVE-2020-1722

A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this...

CVSS 5.3 · AI score 6.5 · EPSS 0.00368
Exploits 0 · References 1
Prion
added 2020/04/27 9:15 p.m. · 21 views

Design/Logic Flaw

A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this...

CVSS 5.4 · AI score 5.5 · EPSS 0.00368
Exploits 0 · References 1 · Affected Software 2
Cvelist
added 2020/04/27 8:46 p.m. · 17 views

CVE-2020-1722

A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this...

CVSS 5.3 · AI score 5.6 · EPSS 0.00368
Exploits 0 · References 1
Positive Technologies
added 2020/04/20 12:00 a.m. · 2 views

PT-2020-14913 · Freeipa +6 · Ipa +6

Name of the Vulnerable Software and Affected Versions: ipa versions 4.x.x through 4.8.0. Description: A flaw was found in the password hashing process. When a very long password (>= 1,000,000 characters) is sent to the server, it could exhaust memory and CPU, leading to a denial of service and the...

CVSS 6.9 · AI score 6.5 · EPSS 0.3466
Exploits 20 · References 145
Prion
added 2018/03/13 1:29 p.m. · 14 views

Design/Logic Flaw

Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary...

CVSS 6.5 · AI score 6.7 · EPSS 0.00272
Exploits 0 · References 3 · Affected Software 1
OSV
added 2018/03/13 1:29 p.m. · 16 views

CVE-2016-9575

Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary...

CVSS 6.3 · AI score 6.5
Exploits 0 · References 3
Debian CVE
added 2018/03/13 1:00 p.m. · 27 views

CVE-2016-9575

Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary...

CVSS 6.5 · AI score 6.4 · EPSS 0.00272
Exploits 0
CVE
added 2018/03/13 1:00 p.m. · 73 views

CVE-2016-9575

CVE-2016-9575 concerns an insufficient permission check in IPA’s certprofile-mod command. Affected products/versions include IPA 4.2.x, 4.3.x before 4.3.3, and 4.4.x before 4.4.3. An authenticated, unprivileged attacker could modify certificate profiles, enabling issuance of certificates with arb...

CVSS 6.5 · AI score 6.4 · EPSS 0.00272
Exploits 0 · References 3 · Affected Software 1