CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence: High
EPSS
Percentile: 36.5%

A vulnerability was found in FreeIPA. A Kerberos TGS-REQ is encrypted
using the client’s session key. This key is different for each new
session, which protects it from brute force attacks. However, the ticket
it contains is encrypted using the target principal key directly. For user
principals, this key is a hash of a public per-principal randomly-generated
salt and the user’s password. If a principal is compromised, the attacker
would be able to retrieve tickets encrypted to any principal, each of them
encrypted directly with that principal’s own key. By taking these tickets
and salts offline, the attacker could run brute force attacks to find
character strings able to decrypt tickets when combined with a principal
salt (i.e. find the principal’s password).
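
A detection sketch for the behaviour described above, added here as an example and not taken from FreeIPA or the advisory: it scans KDC log lines for clients that obtained service tickets targeting several different user principals. It assumes MIT krb5kdc-style "TGS_REQ ... ISSUE ... client for target" lines; the sample log, the realm, the principal names and the threshold of 3 are constructed for illustration.

```python
import re
from collections import defaultdict

# Tail of a krb5kdc TGS_REQ "ISSUE" line: "..., <client> for <target>" (assumed format).
TGS_ISSUE = re.compile(
    r"TGS_REQ .*?: ISSUE: .*, (?P<client>\S+) for (?P<target>\S+)\s*$"
)

# Constructed sample log lines, not taken from a real KDC.
SAMPLE_LOG = """\
Mar 04 10:15:01 ipa1 krb5kdc[1201](info): TGS_REQ (2 etypes {18 17}) 192.0.2.10: ISSUE: authtime 1709547301, etypes {rep=18 tkt=18 ses=18}, alice@EXAMPLE.TEST for HTTP/web.example.test@EXAMPLE.TEST
Mar 04 10:15:09 ipa1 krb5kdc[1201](info): TGS_REQ (2 etypes {18 17}) 192.0.2.10: ISSUE: authtime 1709547301, etypes {rep=18 tkt=18 ses=18}, alice@EXAMPLE.TEST for bob@EXAMPLE.TEST
Mar 04 10:16:40 ipa1 krb5kdc[1201](info): AS_REQ (2 etypes {18 17}) 192.0.2.66: ISSUE: authtime 1709547400, etypes {rep=18 tkt=18 ses=18}, mallory@EXAMPLE.TEST for krbtgt/EXAMPLE.TEST@EXAMPLE.TEST
Mar 04 10:16:41 ipa1 krb5kdc[1201](info): TGS_REQ (2 etypes {18 17}) 192.0.2.66: ISSUE: authtime 1709547400, etypes {rep=18 tkt=18 ses=18}, mallory@EXAMPLE.TEST for bob@EXAMPLE.TEST
Mar 04 10:16:41 ipa1 krb5kdc[1201](info): TGS_REQ (2 etypes {18 17}) 192.0.2.66: ISSUE: authtime 1709547400, etypes {rep=18 tkt=18 ses=18}, mallory@EXAMPLE.TEST for carol@EXAMPLE.TEST
Mar 04 10:16:42 ipa1 krb5kdc[1201](info): TGS_REQ (2 etypes {18 17}) 192.0.2.66: ISSUE: authtime 1709547400, etypes {rep=18 tkt=18 ses=18}, mallory@EXAMPLE.TEST for dave@EXAMPLE.TEST
""".splitlines()


def is_user_principal(principal):
    """True for single-component names (alice@REALM), false for host/x or krbtgt/x."""
    name = principal.rsplit("@", 1)[0]
    return "/" not in name


def user_ticket_requests(lines):
    """Map each client to the set of other user principals it got tickets for."""
    hits = defaultdict(set)
    for line in lines:
        m = TGS_ISSUE.search(line)
        if not m:
            continue  # AS_REQ lines, errors and unrelated log noise
        client, target = m["client"], m["target"]
        if is_user_principal(target) and target != client:
            hits[client].add(target)
    return hits


def flag_clients(lines, threshold=3):
    """Clients holding tickets for at least `threshold` distinct user principals."""
    found = user_ticket_requests(lines)
    return sorted(c for c, targets in found.items() if len(targets) >= threshold)


if __name__ == "__main__":
    for client in flag_clients(SAMPLE_LOG):
        print("review:", client)
```

Tune the threshold to the deployment: service tickets for user principals are rarely needed in normal operation, so even a low count from one client is worth a look.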