Vulnerability Details : CVE-2024-3183
Potential exploit
A vulnerability was found in FreeIPA. A Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user’s password.
If a principal is compromised, the attacker would be able to retrieve tickets encrypted to any principal, each of them encrypted directly with that principal’s own key. By taking these tickets and salts offline, the attacker could run brute force attacks to find character strings able to decrypt tickets when combined with a principal salt (i.e. find the principal’s password).
Products affected by CVE-2024-3183
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_aus:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_aus:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_aus:8.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_tus:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_tus:8.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
- cpe:2.3:a:freeipa:freeipa:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2024-3183
- EPSS score: 5.75% (probability of exploitation activity in the next 30 days)
- Percentile: ~90% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2024-3183
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | N/A | N/A | Red Hat, Inc. | 2024-06-12 |
8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 2.8 | 5.2 | NIST | 2024-09-25 |
8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 2.8 | 5.2 | Red Hat, Inc. | 2024-06-12 |
8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | N/A | N/A | RedHat-CVE-2024-3183 | 2024-06-10 |
CWE ids for CVE-2024-3183
- The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.
  Assigned by:
  - 53f830b8-0a3f-465b-8143-3b8a9948e749 (Primary)
  - secalert@redhat.com (Primary)
References for CVE-2024-3183
- https://access.redhat.com/security/cve/CVE-2024-3183
  CVE-2024-3183 - Red Hat Customer Portal (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2024:3775
  RHSA-2024:3775 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2024:3760
  RHSA-2024:3760 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2024:3761
  RHSA-2024:3761 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2024:3759
  RHSA-2024:3759 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2024:3758
  RHSA-2024:3758 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WT3JL7JQDIAFKKEFARWYES7GZNWGQNCI/
  [SECURITY] Fedora 40 Update: freeipa-4.12.1-1.fc40 - package-announce - Fedora Mailing-Lists
- https://access.redhat.com/errata/RHSA-2024:3754
  RHSA-2024:3754 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2024:3756
  RHSA-2024:3756 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2024:3757
  RHSA-2024:3757 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2024:3755
  RHSA-2024:3755 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2270685
  2270685 – (CVE-2024-3183) CVE-2024-3183 freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force (Issue Tracking; Vendor Advisory)
- https://www.freeipa.org/release-notes/4-12-1.html
  FreeIPA 4.12.1 — FreeIPA documentation (Release Notes)