On 21.9.2019 22.12, Salvatore Bonaccorso wrote:
Source: freeipa
Version: 4.8.1-2
Severity: important
Tags: security upstream
Control: found -1  4.7.2-3

Hi,

The following vulnerability was published for freeipa.

CVE-2019-14826[0]:
| A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies
| were retained in the cache after logout. An attacker could abuse this
| flaw if they obtain previously valid session cookies and can use this
| to gain access to the session.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-14826
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14826
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1746944

Regards,
Salvatore

_______________________________________________
Pkg-freeipa-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-freeipa-devel


Statement from Redhat bugzilla:

"In order to exploit this flaw, an attacker would need to obtain a user's session cookie after the user has logged out but before the server-side credential cache expires. Typically, this will not be possible because browsers protect the cookie while it is valid and delete it immediately as instructed by the server on logout. In order to be exposed to this vulnerability, one would need to be accessing FreeIPA in a non-standard fashion with an insecure web browser or a client application that stores and shares excessive debugging information. Most users of FreeIPA will not be at risk from this flaw."



--
t

Reply via email to