PT-2017-11811 · Red Hat+1 · Freeipa+1

Published: 2017-09-27 · Updated: 2024-08-05 · CVE-2017-11191

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: FreeIPA versions 4.x

Description: The issue allows a remote authenticated user to bypass intended account-locking restrictions by performing an unlock action with an old session ID that had been created for an earlier session of the same user account. The vendor states that the issue does not exist in the product and does not recognize this report as a valid security concern.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Session Fixation

Related Identifiers

ALT-PU-2018-1424
CVE-2017-11191

Affected Products

Alt Linux
Freeipa