8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.3%
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is
encrypted using the client’s session key. This key is different for each
new session, which protects it from brute force attacks. However, the
ticket it contains is encrypted using the target principal key directly.
For user principals, this key is a hash of a public per-principal
randomly-generated salt and the user’s password.
If a principal is compromised it means the attacker would be able to
retrieve tickets encrypted to any principal, all of them being encrypted by
their own key directly. By taking these tickets and salts offline, the
attacker could run brute force attacks to find character strings able to
decrypt tickets when combined to a principal salt (i.e. find the
principal’s password).
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.3%