Back to bug 1370493
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-08-26 13:22:25 UTC | CC | security-response-team | |
| Adam Mariš | 2016-08-26 13:28:37 UTC | Blocks | 1370497 | |
| Adam Mariš | 2016-08-26 13:46:35 UTC | CC | pspacek | |
| Adam Mariš | 2016-08-31 09:07:47 UTC | Summary | EMBARGOED ipa: DoS attack against kerberized services by abusing password policy locking | EMBARGOED CVE-2016-7030 ipa: DoS attack against kerberized services by abusing password policy locking |
| | | Alias | CVE-2016-7030 | |
| | | Whiteboard | impact=important,public=no,reported=20160826,source=redhat,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,cvss3=8.6/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H,rhel-6/ipa=affected,rhel-7/ipa=affected,fedora-all/ipa=affected | impact=important,public=no,reported=20160826,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,rhel-6/ipa=affected,rhel-7/ipa=affected,fedora-all/ipa=affected |
| Adam Mariš | 2016-08-31 12:43:20 UTC | Whiteboard | impact=important,public=no,reported=20160826,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,rhel-6/ipa=affected,rhel-7/ipa=affected,fedora-all/ipa=affected | impact=important,public=no,reported=20160826,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,rhel-6/ipa=affected,rhel-7/ipa=affected,fedora-all/freeipa=affected |
| Adam Mariš | 2016-08-31 20:34:45 UTC | Summary | EMBARGOED CVE-2016-7030 ipa: DoS attack against kerberized services by abusing password policy locking | EMBARGOED CVE-2016-7030 ipa: DoS attack against kerberized services by abusing password policy |
| Dhiru Kholia | 2016-09-09 09:23:06 UTC | Priority | high | medium |
| | | CC | dkholia | |
| | | Whiteboard | impact=important,public=no,reported=20160826,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,rhel-6/ipa=affected,rhel-7/ipa=affected,fedora-all/freeipa=affected | impact=moderate,public=no,reported=20160826,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,rhel-6/ipa=affected,rhel-7/ipa=affected,fedora-all/freeipa=affected |
| | | Severity | high | medium |
| Dhiru Kholia | 2016-09-09 09:33:42 UTC | Whiteboard | impact=moderate,public=no,reported=20160826,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,rhel-6/ipa=affected,rhel-7/ipa=affected,fedora-all/freeipa=affected | impact=moderate,public=no,reported=20160826,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,rhel-6/ipa=wontfix,rhel-7/ipa=affected,fedora-all/freeipa=affected |
| Dhiru Kholia | 2016-09-09 09:34:43 UTC | Depends On | 1374638 | |
| Dhiru Kholia | 2016-09-09 09:39:30 UTC | CC | ssorce | |
| Petr Vobornik | 2016-09-22 08:44:41 UTC | Flags | needinfo?(dkholia) | |
| Dhiru Kholia | 2016-09-22 09:19:24 UTC | Flags | needinfo?(dkholia) | |
| Dhiru Kholia | 2016-12-08 11:59:47 UTC | Depends On | 1402810 | |
| Dhiru Kholia | 2016-12-08 12:27:54 UTC | Doc Text | It was found that ipa's default password policy locked an account after 5 unsuccessful authentication attempts for 10 minutes. A remote unauthenticated user could use this flaw to cause a denial of service attack against kerberized services, and Kerberos principals. | |
| Dhiru Kholia | 2016-12-08 12:33:33 UTC | Doc Text | It was found that ipa's default password policy locked an account after 5 unsuccessful authentication attempts for 10 minutes. A remote unauthenticated user could use this flaw to cause a denial of service attack against kerberized services, and Kerberos principals. | It was found that IdM's default password policy locked an account after 5 unsuccessful authentication attempts for 10 minutes. A remote unauthenticated user could use this flaw to cause a denial of service attack against kerberized services, and Kerberos principals. |
| Dhiru Kholia | 2016-12-08 12:36:04 UTC | Doc Text | It was found that IdM's default password policy locked an account after 5 unsuccessful authentication attempts for 10 minutes. A remote unauthenticated user could use this flaw to cause a denial of service attack against kerberized services, and Kerberos principals. | It was found that IdM's default password policy locked an account after 5 unsuccessful authentication attempts for 10 minutes. A remote unauthenticated user could use this flaw to cause a denial of service attack against Kerberos principals, including kerberized system services. |
| Dhiru Kholia | 2016-12-08 13:08:03 UTC | Doc Text | It was found that IdM's default password policy locked an account after 5 unsuccessful authentication attempts for 10 minutes. A remote unauthenticated user could use this flaw to cause a denial of service attack against Kerberos principals, including kerberized system services. | It was discovered that the default IdM password policies locked out accounts after a certain number of failed login attempts. A remote unauthenticated user could use this flaw to cause a denial of service attack against kerberized system services. |
| Cedric Buissart | 2016-12-08 14:23:46 UTC | CC | cbuissar | |
| Cedric Buissart | 2016-12-09 09:17:27 UTC | Blocks | 1395316 | |
| Cedric Buissart | 2016-12-12 08:46:49 UTC | CC | jcholast | |
| Cedric Buissart | 2016-12-12 09:09:40 UTC | Depends On | 1402811 | |
| Cedric Buissart | 2016-12-12 11:04:47 UTC | Whiteboard | impact=moderate,public=no,reported=20160826,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,rhel-6/ipa=wontfix,rhel-7/ipa=affected,fedora-all/freeipa=affected | impact=moderate,public=20161214,reported=20160826,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,rhel-6/ipa=wontfix,rhel-7/ipa=affected,fedora-all/freeipa=affected |
| Cedric Buissart | 2016-12-14 12:34:12 UTC | Summary | EMBARGOED CVE-2016-7030 ipa: DoS attack against kerberized services by abusing password policy | CVE-2016-7030 ipa: DoS attack against kerberized services by abusing password policy |
| Cedric Buissart | 2016-12-14 12:34:16 UTC | Group | security, qe_staff | |
| Cedric Buissart | 2016-12-14 12:35:53 UTC | Depends On | 1404690 | |
| Cedric Buissart | 2016-12-14 13:37:35 UTC | Attachment #1230758 Attachment is private | 1 | 0 |
| Cedric Buissart | 2016-12-20 09:38:36 UTC | Attachment #1230758 Attachment is obsolete | 0 | 1 |
| Tomas Hoger | 2016-12-21 12:29:28 UTC | Doc Text | It was discovered that the default IdM password policies locked out accounts after a certain number of failed login attempts. A remote unauthenticated user could use this flaw to cause a denial of service attack against kerberized system services. | It was discovered that the default IdM password policies that lock out accounts after a certain number of failed login attempts were also applied to host and service accounts. A remote unauthenticated user could use this flaw to cause a denial of service attack against kerberized services. |
| Cedric Buissart | 2017-01-02 11:48:58 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2017-01-02 06:48:58 UTC | |
| Product Security DevOps Team | 2019-09-29 13:55:15 UTC | Whiteboard | impact=moderate,public=20161214,reported=20160826,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,rhel-6/ipa=wontfix,rhel-7/ipa=affected,fedora-all/freeipa=affected | |