CVE-2013-0199
The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0043 (0.4%)
Percentil: 62.9%
EPSS: 2026-05-06
Afecta
redhat:freeipaDescripción técnica
The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors.
Publicada: 29/5/2014, 14:19:06
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://osvdb.org/89539
- http://www.freeipa.org/page/CVE-2013-0199
- http://www.freeipa.org/page/Releases/3.1.2
- http://www.securityfocus.com/bid/57542
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81486
- http://osvdb.org/89539
- http://www.freeipa.org/page/CVE-2013-0199
- http://www.freeipa.org/page/Releases/3.1.2