PT-2019-1081 · Red Hat · Freeipa
Jamison Bennett
·
Published
2019-11-27
·
Updated
2022-05-24
·
CVE-2019-10195
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
FreeIPA versions 4.6.x before 4.6.7
FreeIPA versions 4.7.x before 4.7.4
FreeIPA versions 4.8.x before 4.8.3
Description
A flaw was found in the way FreeIPA's batch processing API (which executes several IPA commands in one request) logged operations: each sub-command was recorded together with its arguments and options on the FreeIPA master. When a batched command carried a user password as an argument or option, that password was written to the server's logs in clear text. An attacker with read access to system logs on a FreeIPA master could therefore recover user passwords from log file content. FreeIPA does not itself batch commands that take passwords by default, but third-party components built on the API can do so.
Recommendations
For FreeIPA versions 4.6.x before 4.6.7, update to version 4.6.7 or later.
For FreeIPA versions 4.7.x before 4.7.4, update to version 4.7.4 or later.
For FreeIPA versions 4.8.x before 4.8.3, update to version 4.8.3 or later.
As a temporary workaround, restrict read access to system logs on FreeIPA masters to trusted administrators only. Note that updating does not remove entries already written: review existing log files for passwords recorded by batched commands, and change the password of any account whose credentials appear there.
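To make the flaw in the description and the clean-up step above concrete, here is an added example (not FreeIPA's own code): a miniature batch dispatcher that logs sub-commands the way the advisory describes, the same dispatcher with password-bearing options redacted, and a scanner that finds clear-text passwords already present in log lines so the affected accounts can be identified. The command table, the batch request shape, the log line format and the sample batch are all constructed assumptions chosen to illustrate the pattern.

```python
"""Model of the CVE-2019-10195 logging flaw, its fix, and a log scanner.

Added example, not FreeIPA's own code. The command table, the batch
request shape and the log line format are simplified stand-ins
(assumptions) that show the pattern the advisory describes: a batch
endpoint that logs every sub-command's arguments verbatim also logs
any password passed as an argument or option.
"""
import json
import re
from typing import Dict, List, Set, Tuple

# Assumed schema: which option names carry secrets for each command.
# (FreeIPA's parameter definitions carry this; here it is a plain table.)
SECRET_OPTIONS: Dict[str, Set[str]] = {
    "user_add": {"userpassword"},
    "user_mod": {"userpassword"},
    "passwd": {"password", "current_password"},
}
REDACTED = "********"

# Constructed sample batch request: one sub-command per entry, each with
# positional args and keyword options, as a JSON-RPC batch would carry.
SAMPLE_BATCH: List[dict] = [
    {"method": "user_add",
     "params": [["alice"], {"givenname": "Alice", "sn": "Doe",
                            "userpassword": "Sup3rSecret!"}]},
    {"method": "user_show", "params": [["bob"], {}]},
    {"method": "passwd",
     "params": [["carol"], {"password": "N3wPass#",
                            "current_password": "0ldPass#"}]},
]


def _log_line(method: str, args: list, options: dict) -> str:
    # Assumed log format; the point is that options are written out whole.
    return f"batch: {method} args={json.dumps(args)} options={json.dumps(options)}"


def log_batch_vulnerable(batch: List[dict]) -> List[str]:
    """Flawed dispatcher: writes each sub-command's options exactly as
    received, so a password given to user_add or passwd lands in the log."""
    return [_log_line(c["method"], *c["params"]) for c in batch]


def redact_options(method: str, options: dict) -> dict:
    """Replace secret-bearing options with a fixed marker before logging."""
    secrets = SECRET_OPTIONS.get(method, set())
    return {k: (REDACTED if k in secrets else v) for k, v in options.items()}


def log_batch_fixed(batch: List[dict]) -> List[str]:
    """Fixed dispatcher: same log format, but secrets are redacted first."""
    return [_log_line(c["method"], c["params"][0],
                      redact_options(c["method"], c["params"][1]))
            for c in batch]


_LINE_RE = re.compile(r"^batch: (\S+) args=(\[.*?\]) options=(\{.*\})$")


def scan_log_for_exposed_passwords(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Scan existing log lines and report (method, target, option) for every
    secret written in clear text. Use the result to decide which accounts
    need a password change after patching: upgrading does not remove
    entries already on disk."""
    found: List[Tuple[str, str, str]] = []
    for line in lines:
        m = _LINE_RE.match(line)
        if not m:
            continue  # not a batch entry in the assumed format
        method = m.group(1)
        args = json.loads(m.group(2))
        options = json.loads(m.group(3))
        target = args[0] if args else ""
        for key, value in options.items():
            if key in SECRET_OPTIONS.get(method, set()) and value != REDACTED:
                found.append((method, target, key))
    return found


if __name__ == "__main__":
    for line in log_batch_vulnerable(SAMPLE_BATCH):
        print("VULN ", line)
    for line in log_batch_fixed(SAMPLE_BATCH):
        print("FIXED", line)
    print(scan_log_for_exposed_passwords(log_batch_vulnerable(SAMPLE_BATCH)))
```

Run against the vulnerable dispatcher's output, the scanner names alice and carol as accounts whose passwords reached the log; run against the fixed dispatcher's output it finds nothing, because redaction happens before the line is formatted rather than by post-processing the log.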
Fix
Information Disclosure
Insertion into Log File
Affected Products
Alt Linux
Freeipa
Red Hat