← back
CVE-2013-0199

CVE-2013-0199

EPSS 2.1%
The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/89539https://exchange.xforce.ibmcloud.com/vulnerabilities/81486http://www.freeipa.org/page/CVE-2013-0199http://www.freeipa.org/page/Releases/3.1.2http://www.securityfocus.com/bid/57542