Vulnerability in open source identity management system FreeIPA could lead to XXE attacks

A vulnerability in FreeIPA could lead to XML external entity (XXE) attacks, researchers have warned.

FreeIPA is a free and open source identity management system and is the upstream project of Red Hat Identity Management.

A flaw, tracked as CVE-2022-2414, was found in the pki-core package, a security advisory from Red Hat warns.

“Access to external entities when parsing XML documents can lead to XML external entity attacks.

“This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.”
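The advisory quoted above names the precondition for XXE: an XML parser that resolves external entities while handling untrusted input. As an added illustration (not code from FreeIPA, pki-core or the article), the following Python parser, built on the standard library's expat bindings, refuses any DOCTYPE, entity declaration or external entity reference before it can be resolved; the sample documents and the file path inside them are constructed.

```python
import xml.parsers.expat

class UnsafeXmlError(ValueError):
    """Raised when untrusted XML declares or references entities."""

def parse_untrusted_xml(data: bytes) -> dict[str, str]:
    """Parse untrusted XML into {leaf element: text}. Any DOCTYPE, entity
    declaration or external entity reference aborts the parse, so a
    SYSTEM/PUBLIC entity can never be resolved."""
    result: dict[str, str] = {}
    text: list[str] = []

    def reject(what):
        # expat passes handler-specific positional args; args[0] is the
        # DOCTYPE/entity name, or the context string for external refs.
        def handler(*args):
            raise UnsafeXmlError("%s rejected: %r" % (what, args[0]))
        return handler

    def end_element(name):
        value = "".join(text).strip()
        if value:
            result[name] = value
        text.clear()

    parser = xml.parsers.expat.ParserCreate()
    # Never fetch external parameter entities either.
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.StartDoctypeDeclHandler = reject("DOCTYPE")
    parser.EntityDeclHandler = reject("entity declaration")
    parser.ExternalEntityRefHandler = reject("external entity reference")
    parser.StartElementHandler = lambda name, attrs: text.clear()
    parser.EndElementHandler = end_element
    parser.CharacterDataHandler = text.append
    parser.Parse(data, True)
    return result

def rejects_entities(data: bytes) -> bool:
    try:
        parse_untrusted_xml(data)
    except UnsafeXmlError:
        return True
    return False

# Constructed samples, not real FreeIPA or pki-core requests.
BENIGN = b"<config><realm>EXAMPLE.TEST</realm><port>8443</port></config>"
WITH_EXTERNAL_ENTITY = (
    b'<?xml version="1.0"?><!DOCTYPE config [<!ENTITY ext SYSTEM '
    b'"file:///tmp/constructed.txt">]><config><realm>&ext;</realm></config>'
)
```

Rejecting DTDs outright is the simplest hardening; a parser that must accept DTDs should at minimum disable external entity resolution and parameter entity fetching.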

The vulnerability, which has a CVSS severity rating of 7.5 (high), was discovered by researcher Egor Dimitrenko of security research team PT Swarm.

“In some cases, it allows attackers to read the Directory Manager password from the config of FreeIPA and take full control of the infrastructure,” PT Swarm commented.

It affects Red Hat Enterprise Linux 6-9 and Red Hat Certificate System 9 and 10.

The vulnerability has been patched by Red Hat in all affected versions apart from Red Hat Enterprise Linux 6, which is out of support scope. There are no known mitigations available, and Red Hat urges users to update.

The Daily Swig has reached out to PT Swarm for further comment and will update this article accordingly.

Source: https://portswigger.net/daily-swig/vulnerability-in-open-source-identity-management-system-free-ipa-could-lead-to-xxe-attacks
