SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

CVE-2017-11191

Date: (C)2017-10-04   (M)2017-10-12
 
CVSS Score: 6.5
Exploitability Subscore: 8.0
Impact Subscore: 6.4
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

** DISPUTED ** FreeIPA 4.x with API version 2.213 allows remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. NOTE: Vendor states that the issue does not exist in the product and does not recognize this report as a valid security concern.

Reference:
http://packetstormsecurity.com/files/143532/FreeIPA-2.213-Session-Hijacking.html

CPE    9
cpe:/a:freeipa:freeipa:4.1.3
cpe:/a:freeipa:freeipa:4.0.0
cpe:/a:freeipa:freeipa:4.0.1
cpe:/a:freeipa:freeipa:4.1.0
...
CWE    1
CWE-384
