Description
The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query.
References (11)
Core 11
Core References
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00733.html
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00743.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31111
Various Sources x_refsource_confirm
http://www.freeipa.org/page/News
Various Sources x_refsource_confirm
http://git.fedorahosted.org/git/freeipa.git/?p=freeipa.git%3Ba=commit%3Bh=9932887f2af38b9701efec27707648c026ec445c
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=457835
Patch x_refsource_confirm
http://www.freeipa.org/page/CVE-2008-3274
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1020850
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31861
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2008-0860.html
Various Sources x_refsource_confirm
http://www.freeipa.org/page/Downloads
Scores
EPSS
0.0184
EPSS Percentile
76.5%
Details
CWE
CWE-200
Status
published
Products (4)
redhat/enterprise_ipa
1.0.0
redhat/freeipa
0.99
redhat/freeipa
1.0.0
redhat/freeipa
< 1.1.0
Published
Sep 12, 2008
Tracked Since
Feb 18, 2026