CVE-2017-12169

Name of the Vulnerable Software and Affected Versions FreeIPA versions 4.2.0 and later

Description A security issue was discovered where FreeIPA could disclose password hashes to users with the System: Read Stage Users permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This issue does not result in the disclosure of password hashes belonging to active standard users.

Recommendations For FreeIPA versions 4.2.0 and later, consider restricting the System: Read Stage Users permission to minimize the risk of exploitation. As a temporary workaround, consider disabling the Stage User activation feature until a design change or patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.