QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2017-12169

Back to search

CVE-2017-12169

Published: Jan 10, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password hashes belonging to active standard users. NOTE: some developers feel that this report is a suggestion for a design change to Stage User activation, not a statement of a vulnerability.

VendorProductVersions

FreeIPA

ipa

affected
4.2.0 and later

Weaknesses (CWE)

CWE-200

References

102136
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now