A vulnerability was found in IPA where, by sending a very long password (1.000.000 characters), it's possible to cause a denial of service attack on the server. This may lead to the website becoming unavailable or unresponsive. Usually, this problem is caused by a vulnerable password hashing implementation. When a long password is sent, the password hashing process will result in CPU and memory exhaustion.
Name: Pritam Singh (Red Hat)
Created freeipa tracking bugs for this issue:
Affects: fedora-all [bug 1823621]
Link FreeIPA issue 8268 here: https://pagure.io/freeipa/issue/8268
FreeIPA team agrees with Red Hat Security Response Team assessment that this is a low severity, low priority issue.
The fix will be merged into FreeIPA upstream but no separate release will be done.