[Pkg-freeipa-devel] Bug#940913: Bug#940913: freeipa: CVE-2019-14826
Timo Aaltonen
tjaalton at debian.org
Fri Sep 25 09:42:17 BST 2020
On 21.9.2019 22.12, Salvatore Bonaccorso wrote:
> Source: freeipa
> Version: 4.8.1-2
> Severity: important
> Tags: security upstream
> Control: found -1 4.7.2-3
>
> Hi,
>
> The following vulnerability was published for freeipa.
>
> CVE-2019-14826[0]:
> | A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies
> | were retained in the cache after logout. An attacker could abuse this
> | flaw if they obtain previously valid session cookies and can use this
> | to gain access to the session.
>
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2019-14826
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14826
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1746944
>
> Regards,
> Salvatore
>
> _______________________________________________
> Pkg-freeipa-devel mailing list
> Pkg-freeipa-devel at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-freeipa-devel
>
Statement from Redhat bugzilla:
"In order to exploit this flaw, an attacker would need to obtain a
user's session cookie after the user has logged out but before the
server-side credential cache expires. Typically, this will not be
possible because browsers protect the cookie while it is valid and
delete it immediately as instructed by the server on logout. In order to
be exposed to this vulnerability, one would need to be accessing FreeIPA
in a non-standard fashion with an insecure web browser or a client
application that stores and shares excessive debugging information. Most
users of FreeIPA will not be at risk from this flaw."
--
t
More information about the Pkg-freeipa-devel
mailing list