CVE-2008-3274

Red Hat Enterprise IPA <1.1.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query.

References (11)

Core 11
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31111
Various Sources x_refsource_confirm
http://www.freeipa.org/page/News
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=457835
Patch x_refsource_confirm
http://www.freeipa.org/page/CVE-2008-3274
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020850
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31861
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2008-0860.html
Various Sources x_refsource_confirm
http://www.freeipa.org/page/Downloads

Scores

EPSS 0.0184
EPSS Percentile 76.5%

Details

CWE
CWE-200
Status published
Products (4)
redhat/enterprise_ipa 1.0.0
redhat/freeipa 0.99
redhat/freeipa 1.0.0
redhat/freeipa < 1.1.0
Published Sep 12, 2008
Tracked Since Feb 18, 2026