Back

CVE-2024-3183

June 12, 2024, 9:15 a.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

FreeIPA

Source

secalert@redhat.com

Tags

secalert@redhat.com
CWE-916
2024-06-12
CVE-2024-3183

CVE-2024-3183 details

Published : June 12, 2024, 9:15 a.m.
Last Modified : June 12, 2024, 9:15 a.m.

Description

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user’s password. If a principal is compromised it means the attacker would be able to retrieve tickets encrypted to any principal, all of them being encrypted by their own key directly. By taking these tickets and salts offline, the attacker could run brute force attacks to find character strings able to decrypt tickets when combined to a principal salt (i.e. find the principal’s password).

CVSS Score

1 2 3 4 5 6 7 8.1 9 10

Weakness

Weakness Name Description

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

8.1

Exploitability Score

Impact Score

Base Severity

HIGH

Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

References

URL Source
https://access.redhat.com/errata/RHSA-2024:3754 secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:3755 secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:3756 secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:3757 secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:3758 secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:3759 secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:3760 secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:3761 secalert@redhat.com
https://access.redhat.com/errata/RHSA-2024:3775 secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2024-3183 secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2270685 secalert@redhat.com
https://www.freeipa.org/release-notes/4-12-1.html secalert@redhat.com
This website uses the NVD API, but is not approved or certified by it.