CVE-2016-7030

First published: Fri Aug 26 2016(Updated: )

A flaw was found that allows any unauthenticated party to easily run DoS attack against kerberized services in FreeIPA/IdM realm. FreeIPA contains MIT KDC as its main component + FreeIPA is using custom database driver for the KDC. As a side-effect of implementation, FreeIPA is enforcing password policies for all principals, including services which do not use "password" but keytab with randomly-generated/strong key. Default password policy locks an account after 5 unsuccessful authentication attempts for 10 minutes. An attacker can use this to simply lock-out any principal, including system services. Upstream patch : <a href="https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=6f1d927467e7907fd1991f88388d96c67c9bff61">https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=6f1d927467e7907fd1991f88388d96c67c9bff61</a> Additional dependency : <a href="https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=73f33569c8893610e246b2f44a7aeaec872b37e6">https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=73f33569c8893610e246b2f44a7aeaec872b37e6</a>

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Freeipa Freeipa	=4.6.0

Never miss a vulnerability like this again

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

CVE-2016-7030

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact