CVE-2014-7828CVE-2014-7828

Affected configuration(s):

cpe:/a:freeipa:freeipa:4.0.0
cpe:/a:freeipa:freeipa:4.0.1
cpe:/a:freeipa:freeipa:4.0.2
cpe:/a:freeipa:freeipa:4.0.3
cpe:/a:freeipa:freeipa:4.0.4
cpe:/a:freeipa:freeipa:4.1.1

Date published: 2014-11-19T13:59:08.097-05:00

Date last modified: 2017-09-07T21:29:17.137-04:00

CVSS Score: 3.5

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://lists.fedoraproject.org/pipermail/package-announce/2014-November/143000.html

Summary: FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.