Redhat : Security Vulnerabilities, CVEs, Published In 2008 (Information Leak) CVSS score >= 4
The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query.
Max CVSS
5.0
EPSS Score
0.64%
Published
2008-09-12
Updated
2023-02-13
1 vulnerabilities found