CVE-2013-0199 Information

Description

The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors.

Reference

http://osvdb.org/89539 http://www.freeipa.org/page/CVE-2013-0199 http://www.freeipa.org/page/Releases/3.1.2 http://www.securityfocus.com/bid/57542 https://exchange.xforce.ibmcloud.com/vulnerabilities/81486