CVE-2014-7828
Publication date 19 November 2014
Last updated 24 July 2024
Ubuntu priority
FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind.
Status
Package | Ubuntu Release | Status |
---|---|---|
freeipa | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Not affected
|
|
Notes
ebarretto
This is a FreeIPA 4.0.x issue, so marking Trusty as not affected Although Trusty also has the code, it differs from 4.0.x version
Patch details
Package | Patch details |
---|---|
freeipa |