A vulnerability in FreeIPA with improper sanitization of the input can lead to argument injection into the username field of the /ipa/session/login_password requests. https://github.com/freeipa/freeipa/blob/64861a0cf9a8ac18d83a206c11fd3b42be3c578c/ipaserver/rpcserver.py#L998