Denial of Service Vulnerability in IPA Server by Red Hat
CVE-2020-1722

5.3 MEDIUM

Key Information:

Vendor: Red Hat
Status: Vendor
CVE Published: 27 April 2020

Summary

A vulnerability exists in Red Hat's IPA server versions 4.x.x up to 4.8.0: an attacker can submit an excessively long password (greater than 1,000,000 characters) to the server. Because the server hashes the password before rejecting it, processing such an input consumes a large amount of memory and CPU time and can leave the server unresponsive. The availability of the system is therefore at risk, causing service disruption for legitimate users.
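The defensive pattern the advisory implies, as an added example that is not code from the page or from the IPA project: bound the password length before any hashing work begins, so an oversized submission is rejected before it can cost CPU or memory. The byte limit, the salt and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import os

# Upper bound on accepted password length (assumed, illustrative value, not an
# IPA setting). The advisory describes inputs over 1,000,000 characters; a
# service should refuse such input long before it reaches the hash function.
MAX_PASSWORD_BYTES = 256
PBKDF2_ROUNDS = 10_000


class PasswordTooLong(ValueError):
    """Raised when a submitted password exceeds the configured byte limit."""


def hash_password(password: str, salt: bytes, max_bytes: int = MAX_PASSWORD_BYTES) -> str:
    """Hash a password only after confirming its size is within bounds.

    The length check is the first thing that happens, so an oversized
    submission is turned away with a single comparison instead of being
    fed to the key-derivation step.
    """
    raw = password.encode("utf-8")
    if len(raw) > max_bytes:
        raise PasswordTooLong(f"password exceeds {max_bytes} bytes")
    digest = hashlib.pbkdf2_hmac("sha256", raw, salt, PBKDF2_ROUNDS)
    return digest.hex()


def accepts(password: str, max_bytes: int = MAX_PASSWORD_BYTES) -> bool:
    """Return True if the password passes the length gate, False otherwise."""
    try:
        hash_password(password, b"constructed-fixed-salt", max_bytes)
        return True
    except PasswordTooLong:
        return False


if __name__ == "__main__":
    salt = os.urandom(16)
    print(hash_password("correct horse battery staple", salt))
    # Constructed oversized input in the range the advisory describes.
    print(accepts("a" * 1_000_001))  # False
```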

Affected Version(s)

ipa: all versions 4.x.x through 4.8.0

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
