FreeIPA Vulnerability Allows Brute Force Attacks on Principal Passwords
CVE-2024-3183

8.1HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 8.2 Advanced Update Support; Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Vendor: CVE Published:; 12 June 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A vulnerability exists in FreeIPA related to the Kerberos ticket-granting service (TGS) request encryption method used during the authentication process. The issue arises when a TGS-REQ is encrypted with the client's session key, while the contained ticket relies on the target principal key for encryption. This situation exposes user principals to potential compromise, as the target key is derived from a password hash combined with a public, randomly-generated salt. If an attacker manages to compromise any principal, they can potentially decrypt tickets intended for other principals. This opens the door for brute-force attacks, allowing the acquisition of valid credentials by testing character strings against the encrypted tickets and salts offline.

Affected Version(s)

Red Hat Enterprise Linux 7 0:4.6.8-5.el7_9.17

Red Hat Enterprise Linux 8 8100020240528133707.823393f5

Red Hat Enterprise Linux 8.2 Advanced Update Support 8020020240530191103.792f4060

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-3183-POC
Created by Cyxow