CVE-2015-5284

Name of the Vulnerable Software and Affected Versions FreeIPA versions prior to 4.2.2

Description The issue concerns the installation of ipa-kra-install in FreeIPA, where the CA agent certificate and private key are stored in a world-readable file, /etc/httpd/alias/kra-agent.pem.

Recommendations For versions prior to 4.2.2, update to version 4.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the /etc/httpd/alias/kra-agent.pem file to minimize the risk of exploitation.