Bug 2270685 (CVE-2024-3183)
| Summary: | CVE-2024-3183 freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Rohit Keshri <rkeshri> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | abokovoy, darunesh, frenaud, ftrivino, jrische, rcritten, saroy, security-response-team |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | FreeIPA 4.11.2, FreeIPA 4.12.1 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user’s password.
If a principal is compromised it means the attacker would be able to retrieve tickets encrypted to any principal, all of them being encrypted by their own key directly. By taking these tickets and salts offline, the attacker could run brute force attacks to find character strings able to decrypt tickets when combined to a principal salt (i.e. find the principal’s password).
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2291164 | ||
| Bug Blocks: | 2270687 | ||
|
Description
Rohit Keshri
2024-03-21 12:39:28 UTC
Created freeipa tracking bugs for this issue: Affects: fedora-all [bug 2291164] This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Via RHSA-2024:3758 https://access.redhat.com/errata/RHSA-2024:3758 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2024:3756 https://access.redhat.com/errata/RHSA-2024:3756 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:3754 https://access.redhat.com/errata/RHSA-2024:3754 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:3755 https://access.redhat.com/errata/RHSA-2024:3755 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:3759 https://access.redhat.com/errata/RHSA-2024:3759 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2024:3761 https://access.redhat.com/errata/RHSA-2024:3761 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:3757 https://access.redhat.com/errata/RHSA-2024:3757 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2024:3775 https://access.redhat.com/errata/RHSA-2024:3775 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2024:3760 https://access.redhat.com/errata/RHSA-2024:3760 |