← back
CVE-2017-12169

CVE-2017-12169

EPSS 1.9%CWE-200
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.9%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
10 Jan 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password hashes belonging to active standard users. NOTE: some developers feel that this report is a suggestion for a design change to Stage User activation, not a statement of a vulnerability.
Affected products
FreeIPA · ipa

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.redhat.com/show_bug.cgi?id=1487697http://www.securityfocus.com/bid/102136