CVE-2008-3274

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise IPA version 1.0.0 FreeIPA versions prior to 1.1.1

Description: The default configuration of the affected software places ldap:///anyone on the read ACL for the krbMKey attribute. This allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query.

Recommendations: For Red Hat Enterprise IPA version 1.0.0, update the configuration to restrict access to the krbMKey attribute. For FreeIPA versions prior to 1.1.1, update to version 1.1.1 or later to fix the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2008-3274

RHSA-2008:0860

Affected Products

Freeipa

Red Hat Enterprise Ipa

CVE-2008-3274

Weakness Enumeration

Related Identifiers

Affected Products

References · 12