CVE-2020-1722

5.3MEDIUM

Key Information:

Vendor: Red Hat
Status: Ipa
Vendor: CVE Published:; 27 April 2020

Summary

A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability.

Affected Version(s)

ipa all ipa versions 4.x.x through 4.8.0

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1722

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 27, 2020
Vulnerability Reserved
Nov 27, 2019

Collectors

NVD DatabaseMitre Database