Man-in-the-Middle (MitM)

2019-01-1508:54:07

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

33.9%

JSON

ipa is vulnerable to man-in-the-middle attack. There is no secure way to provide the ipa server’s Certificate Authority (CA) certificate to a client during join, which limited the client’s ability to authenticate and verify the server. This allows an attacker to perform a man-in-the-middle attack against the client during a client enrollment process and obtain confidential information such as the administrator’s credentials.

CPENameOperatorVersion
ipaeq2.2.0__16.el6
ipaeq2.0.0__23.el6
ipaeq2.0.0__23.el6_1.2
ipaeq2.0.0__23.el6_1.1
ipaeq2.1.3__9.el6
ipa-clienteq2.0__14.el5
ipa-clienteq2.0__10.el5_6.1
ipa-clienteq2.0__14.el5_7.2
ipa-clienteq2.1.3__2.el5_8
ipa-clienteq2.0__10.el5

Name	Operator	Version
ipa	eq	2.2.0__16.el6
ipa	eq	2.0.0__23.el6
ipa	eq	2.0.0__23.el6_1.2
ipa	eq	2.0.0__23.el6_1.1
ipa	eq	2.1.3__9.el6
ipa-client	eq	2.0__14.el5
ipa-client	eq	2.0__10.el5_6.1
ipa-client	eq	2.0__14.el5_7.2
ipa-client	eq	2.1.3__2.el5_8
ipa-client	eq	2.0__10.el5