Denial of Service Vulnerability in IPA Server by Red Hat
CVE-2020-1722

5.3MEDIUM

Key Information:

Vendor: Red Hat
Status: Ipa
Vendor: CVE Published:; 27 April 2020

Summary

A vulnerability exists in Red Hat's IPA server versions 4.x.x up to 4.8.0, where an attacker can send an excessively long password (greater than 1,000,000 characters) to the server. This can lead to a significant drain on memory and CPU resources due to the password hashing process, potentially causing the server to become unresponsive. As a result, the availability of the system is threatened, leading to service disruption for legitimate users.

Affected Version(s)

ipa all ipa versions 4.x.x through 4.8.0

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1722

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 27, 2020
Vulnerability Reserved
Nov 27, 2019