Oracle Linux: CVE-2016-7030: ELSA-2017-0001: ipa security update (MODERATE)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Dec 14, 2016 | Jan 4, 2017 | Jan 7, 2025 |
Description
FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account under which system services run.
It was discovered that the default IdM password policies that lock out accounts after a certain number of failed login attempts were also applied to host and service accounts. A remote unauthenticated user could use this flaw to cause a denial of service attack against kerberized services.
Solution(s)
- oracle-linux-upgrade-ipa-admintools
- oracle-linux-upgrade-ipa-client
- oracle-linux-upgrade-ipa-client-common
- oracle-linux-upgrade-ipa-common
- oracle-linux-upgrade-ipa-python-compat
- oracle-linux-upgrade-ipa-server
- oracle-linux-upgrade-ipa-server-common
- oracle-linux-upgrade-ipa-server-dns
- oracle-linux-upgrade-ipa-server-trust-ad
- oracle-linux-upgrade-python2-ipaclient
- oracle-linux-upgrade-python2-ipalib
- oracle-linux-upgrade-python2-ipaserver
