Vulnerability DatabaseCVE-2013-0199
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2013-0199
Published:May 29, 2014
Updated:June 16, 2026
The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors.
Related Resources (6)
https://access.redhat.com/security/cve/CVE-2013-0199
https://exchange.xforce.ibmcloud.com/vulnerabilities/81486
http://www.securityfocus.com/bid/57542
http://osvdb.org/89539
http://www.freeipa.org/page/CVE-2013-0199
http://www.freeipa.org/page/Releases/3.1.2
Do you need more information?
Contact Us
CVSS v3
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE
CVSS v2
Base Score:
5
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
EPSS
Base Score:
2.12