1793071 – (CVE-2020-1722) CVE-2020-1722 ipa: No password length restriction leads to denial of service

Bug 1793071 (CVE-2020-1722) - CVE-2020-1722 ipa: No password length restriction leads to denial of service

Summary: CVE-2020-1722 ipa: No password length restriction leads to denial of service

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2020-1722
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1802408 1802409 1823621
Blocks:	1780457
TreeView+	depends on / blocked

Reported:	2020-01-20 15:47 UTC by Dhananjay Arunesh
Modified:	2021-02-16 20:44 UTC (History)
CC List:	14 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in IPA. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed:	2020-09-29 21:59:32 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Fedora Pagure	freeipa issue 8268	None	None	None	2020-04-14 07:27:53 UTC
Red Hat Product Errata	RHSA-2020:3936	None	None	None	2020-09-29 19:57:54 UTC
Red Hat Product Errata	RHSA-2020:4670	None	None	None	2020-11-04 02:50:01 UTC

Description Dhananjay Arunesh 2020-01-20 15:47:11 UTC

A vulnerability was found in IPA, where by sending a very long password (1.000.000 characters) it's possible to cause a denial a service attack on the server. This may lead to the website becoming unavailable or unresponsive. Usually, this problem is caused by a vulnerable password hashing implementation. When a long password is sent, the password hashing process will result in CPU and memory exhaustion.

Comment 14 Huzaifa S. Sidhpurwala 2020-04-14 04:27:03 UTC

Acknowledgments:

Name: Pritam Singh (Red Hat)

Comment 15 Huzaifa S. Sidhpurwala 2020-04-14 04:27:35 UTC

Created freeipa tracking bugs for this issue:

Affects: fedora-all [bug 1823621]

Comment 16 Alexander Bokovoy 2020-04-14 07:27:53 UTC

Link FreeIPA issue 8268 here: https://pagure.io/freeipa/issue/8268 

FreeIPA team agrees with Red Hat Security Response Team assessment that this is a low severity, low priority issue. 
The fix will be merged into FreeIPA upstream but no separate release will be done.

Comment 17 errata-xmlrpc 2020-09-29 19:57:51 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:3936 https://access.redhat.com/errata/RHSA-2020:3936

Comment 18 Product Security DevOps Team 2020-09-29 21:59:32 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-1722

Comment 19 errata-xmlrpc 2020-11-04 02:49:58 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:4670 https://access.redhat.com/errata/RHSA-2020:4670

Note You need to log in before you can comment on or make changes to this bug.