Vulnerabilities > Freeipa

DATE CVE VULNERABILITY TITLE RISK
2017-09-21 CVE-2015-5284 Information Exposure vulnerability in Freeipa
ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable.
network
low complexity
freeipa CWE-200
critical
9.8
2017-09-20 CVE-2015-5179 Improper Input Validation vulnerability in Freeipa
FreeIPA might display user data improperly via vectors involving non-printable characters.
network
low complexity
freeipa CWE-20
7.5
2017-08-28 CVE-2016-7030 Credentials Management vulnerability in Freeipa 4.6.0
FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account in which system services run on.
network
low complexity
freeipa CWE-255
7.5
2017-06-27 CVE-2016-5414 Improper Access Control vulnerability in Freeipa 4.4.0
FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services.
network
low complexity
freeipa CWE-284
7.5
2016-09-07 CVE-2016-5404 Improper Access Control vulnerability in multiple products
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.
network
low complexity
freeipa oracle fedoraproject CWE-284
6.5