PT-2024-5802 · FreeIPA+8

Mikhail Sukhov · Published 2024-06-10 · Updated 2026-01-16 · CVE-2024-3183

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions

FreeIPA versions prior to 4.12.2

Description

A vulnerability was found in FreeIPA where a Kerberos TGS-REQ is encrypted using the client's session key. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public, per-principal, randomly generated salt and the user's password. If a principal is compromised, an attacker could retrieve tickets encrypted to any principal and run brute-force attacks to find character strings able to decrypt tickets when combined with a principal salt, potentially finding the principal's password.

Recommendations

Update to FreeIPA version 4.12.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Kerberos TGS-REQ encryption process to minimize the risk of exploitation. Additionally, ensure that all user passwords are complex and unique to prevent brute-force attacks.
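
A log check for the behaviour described above, added here as an example (it is not part of the advisory or of FreeIPA): it flags issued TGS tickets whose target is a user principal. It assumes KDC log lines shaped like MIT krb5kdc's "TGS_REQ ... ISSUE" entries; the sample lines, addresses and principals are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Assumed line shape, modelled on MIT krb5kdc "TGS_REQ ... ISSUE" log entries.
TGS_ISSUE = re.compile(
    r"TGS_REQ .*? (?P<src>\S+): ISSUE: .*, (?P<client>\S+) for (?P<target>\S+)\s*$"
)

# Constructed sample lines (hosts, addresses and principals are made up).
SAMPLE_LOG = [
    "Jun 10 12:00:01 ipa1 krb5kdc[1201](info): TGS_REQ (2 etypes {18 17}) 192.0.2.10: ISSUE: authtime 1718020000, etypes {rep=18 tkt=18 ses=18}, alice@EXAMPLE.TEST for HTTP/web.example.test@EXAMPLE.TEST",
    "Jun 10 12:00:05 ipa1 krb5kdc[1201](info): TGS_REQ (2 etypes {18 17}) 192.0.2.44: ISSUE: authtime 1718020003, etypes {rep=18 tkt=18 ses=18}, dave@EXAMPLE.TEST for bob@EXAMPLE.TEST",
    "Jun 10 12:00:06 ipa1 krb5kdc[1201](info): TGS_REQ (2 etypes {18 17}) 192.0.2.44: ISSUE: authtime 1718020003, etypes {rep=18 tkt=18 ses=18}, dave@EXAMPLE.TEST for carol@EXAMPLE.TEST",
    "Jun 10 12:00:09 ipa1 krb5kdc[1201](info): AS_REQ (2 etypes {18 17}) 192.0.2.10: ISSUE: authtime 1718020009, etypes {rep=18 tkt=18 ses=18}, alice@EXAMPLE.TEST for krbtgt/EXAMPLE.TEST@EXAMPLE.TEST",
]

def is_user_principal(principal):
    """Heuristic: service and host principals have a '/' in the name part
    (HTTP/host, host/fqdn, krbtgt/REALM); user principals do not."""
    name = principal.rsplit("@", 1)[0]
    return "/" not in name

def user_targeted_tgs(lines):
    """Return (source, client, target) for each issued TGS ticket whose
    target is a user principal, i.e. a ticket encrypted with a
    password-derived key."""
    hits = []
    for line in lines:
        m = TGS_ISSUE.search(line)
        if m and is_user_principal(m["target"]):
            hits.append((m["src"], m["client"], m["target"]))
    return hits

def targets_per_client(hits):
    """Group hits by requesting client; one client collecting tickets for
    many users is the pattern to triage first."""
    grouped = defaultdict(set)
    for _src, client, target in hits:
        grouped[client].add(target)
    return {c: sorted(t) for c, t in grouped.items()}

if __name__ == "__main__":
    for client, targets in targets_per_client(user_targeted_tgs(SAMPLE_LOG)).items():
        print(f"{client} obtained tickets for user principals: {', '.join(targets)}")
```

Hits need triage rather than automatic blocking, since user-to-user requests also name a user principal as the target.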

Related Identifiers

ALSA-2024:3754
ALSA-2024:3755
ALSA-2024_3754
ALSA-2024_3755
ALT-PU-2024-13227
ALT-PU-2024-8956
ALT-PU-2024-9953
BDU:2024-06544
CESA-2024_3755
CVE-2024-3183
ELSA-2024-3754
ELSA-2024-3755
ELSA-2024-3760
INFSA-2024_3754
INFSA-2024_3755
RHSA-2024:3754
RHSA-2024:3755
RHSA-2024:3756
RHSA-2024:3757
RHSA-2024:3758
RHSA-2024:3759
RHSA-2024:3760
RHSA-2024:3761
RHSA-2024:3775
RHSA-2024_3754
RHSA-2024_3755
RHSA-2024_3760
RLSA-2024:3754
RLSA-2024:3755
RLSA-2024_3754
RLSA-2024_3755

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
FreeIPA
Red Hat
RED OS
Rocky Linux