ID CVE-2016-7030
Summary FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account in which system services run on.
References
Vulnerable Configurations
  • cpe:2.3:a:freeipa:freeipa:4.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:freeipa:freeipa:4.6.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 05-01-2018 - 02:31)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2017:0001
rpms
  • ipa-admintools-0:4.4.0-14.el7_3.1.1
  • ipa-client-0:4.4.0-14.el7_3.1.1
  • ipa-client-common-0:4.4.0-14.el7_3.1.1
  • ipa-common-0:4.4.0-14.el7_3.1.1
  • ipa-python-compat-0:4.4.0-14.el7_3.1.1
  • ipa-server-0:4.4.0-14.el7_3.1.1
  • ipa-server-common-0:4.4.0-14.el7_3.1.1
  • ipa-server-dns-0:4.4.0-14.el7_3.1.1
  • ipa-server-trust-ad-0:4.4.0-14.el7_3.1.1
  • python2-ipaclient-0:4.4.0-14.el7_3.1.1
  • python2-ipalib-0:4.4.0-14.el7_3.1.1
  • python2-ipaserver-0:4.4.0-14.el7_3.1.1
refmap via4
bid 94934
confirm
mlist [oss-security] 20170102 freeIPA CVEs CVE-2016-9575 (insufficient permission check) & CVE-2016-7030 (DoS)
Last major update 05-01-2018 - 02:31
Published 28-08-2017 - 15:29
Back to Top