
Jamison Bennett

Researcher from Cloudera
#39542 of 53,635
6.9 Total CVSS
Vulnerabilities · 1
PT-2019-1081
6.9
2019-11-27
Red Hat · Freeipa · CVE-2019-10195
**Name of the Vulnerable Software and Affected Versions**

- FreeIPA versions 4.6.x before 4.6.7
- FreeIPA versions 4.7.x before 4.7.4
- FreeIPA versions 4.8.x before 4.8.3

**Description**

A flaw was found in the way FreeIPA's batch processing API logged operations, including passing user passwords in clear text on FreeIPA masters. This could allow an attacker with access to system logs on FreeIPA masters to produce log file content with passwords exposed. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party components.

**Recommendations**

- For FreeIPA versions 4.6.x before 4.6.7, update to version 4.6.7 or later.
- For FreeIPA versions 4.7.x before 4.7.4, update to version 4.7.4 or later.
- For FreeIPA versions 4.8.x before 4.8.3, update to version 4.8.3 or later.

As a temporary workaround, consider restricting access to system logs on FreeIPA masters to minimize the risk of exploitation.