Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2013-0199

Date: May 29, 2014

The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors.

Severity Score

Related Resources (8)

http://www.freeipa.org/page/CVE-2013-0199
https://access.redhat.com/security/cve/CVE-2013-0199
http://www.securityfocus.com/bid/57542
http://osvdb.org/89539
https://exchange.xforce.ibmcloud.com/vulnerabilities/81486
http://www.freeipa.org/page/Releases/3.1.2
https://nvd.nist.gov/vuln/detail/CVE-2013-0199
https://www.mend.io/vulnerability-database/CVE-2013-0199

Severity Score

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3

Base Score:
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL

CVSS v2

Base Score:
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW
Additional information:

Do you need more information?

Contact Us