Main Vulnerability Database Vulnerabilities #VU41602

Permissions, Privileges, and Access Controls in FreeIPA - CVE-2013-0199

Published: May 29, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41602

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-0199

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: freeipa.org

Affected software:
FreeIPA

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors.

How to mitigate CVE-2013-0199

Install update from vendor's website.

Sources

http://osvdb.org/89539
http://www.freeipa.org/page/CVE-2013-0199
http://www.freeipa.org/page/Releases/3.1.2
http://www.securityfocus.com/bid/57542
https://exchange.xforce.ibmcloud.com/vulnerabilities/81486

Permissions, Privileges, and Access Controls in FreeIPA - CVE-2013-0199

Detailed vulnerability description

How to mitigate CVE-2013-0199

Sources

Please verify you're human