Astra Linux - уязвимость в freeipa

A vulnerability was discovered in FreeIPA when a Kerberos TGS-REQ is encrypted using the client’s session key. This key varies for each new session, which helps protect it from brute-force attacks. However, the ticket contained within the encrypted message is encrypted using the target principal...

Azure Linux 3.0 Security Update: samba (CVE-2022-45141)

The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-45141 advisory. - Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8...

TencentOS Server 2: ipa (TSSA-2024:0163)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0163 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

Linux Distros Unpatched Vulnerability : CVE-2024-3183

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client's session key. This key is different for each new session,...

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).

...

Important: ipa

Issue Overview: A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client's session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key...

SUSE CVE-2024-3183

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client's session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user...

freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user...

freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user...

ALPINE-CVE-2022-45141

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption...

gnutls: session resumption works without master key allowing MITM

A flaw was found in GnuTLS, in versions starting from 3.6.4, where it does not session the ticket encryption key in a secure fashion by the application which is connecting. This flaw allows an attacker to craft a man-in-the-middle-attack, with the ability to bypass the TLS1.3 authentication and...

Updated gnutls packages fix security vulnerability

Updated gnutls packages fix security vulnerability: It was found that GnuTLS 3.6.4 introduced a regression in the TLS protocol implementation. This caused the TLS server to not securely construct a session ticket encryption key considering the application supplied secret, allowing a MitM attacker...

Ubuntu: Security Advisory (USN-4384-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ALPINE-CVE-2020-13777

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3. The earliest affected version is 3.6.4 2018-09-24 because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS...

[SECURITY] [DSA 2729-1] openafs security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2729-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 28, 2013 http://www.debian.org/security/faq -...