A severe security vulnerability existed in the identity management system FreeIPA that could expose user credentials. Exploiting the vulnerability could allow an adversary to access sensitive data.
FreeIPA System Vulnerability
Security researcher Egor Dimitrenko from PT Swarm found a severe vulnerability in FreeIPA that could allow XML external entity (XXE) attacks.
FreeIPA is an open-source identity management system from Red Hat. It provides Free Identity, Policy, and Audit (IPA) solutions for Linux, Unix, Windows, and macOS systems.
According to Red Hat's advisory, the vulnerability existed in the pki-core package, leading to XXE attacks. As stated,
A flaw was found in pki-core. Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks.
This vulnerability, CVE-2022-2414, received an important-severity rating with a CVSS score of 7.5. An adversary could exploit the bug to access arbitrary information by sending maliciously crafted HTTP requests.
In worst-case exploitations, such XXE attacks may also allow remote code execution.
Red Hat confirmed that this vulnerability affects Red Hat Enterprise Linux (RHEL) versions 6 to 10. Also, the flaw has no mitigations or workarounds. However, they have quickly addressed the issue, releasing the patch with the updated pki-core packages for RHEL to 10, while RHEL 6 is out of scope.
Commenting further on the bug, Dimitrenko told The Daily Swig that exploiting the bug is trivial because it requires no credentials. Instead, an adversary merely needs an "accessible endpoint" to trigger the exploit.
Besides, elaborating on the vulnerable component DogTag, the certification system, the researcher said,
DogTag can be used as a PKI service for any project, but it's well known as a part of FreeIPA system. Since DogTag is integrated into FreeIPA, FreeIPA is vulnerable if still unpatched.
Moreover, the researcher explained that real-world exploits of this issue could allow an attacker to read the Directory Manager password from the FreeIPA config. Thus, the attacker could take control of the entire targeted infrastructure.
🐳 Red Hat fixed an Unauth XXE (CVE-2022-2414) in FreeIPA found by our researcher @elk0kc.
In some cases, it allows attackers to read the Directory Manager password from the config of FreeIPA and take full control of the infrastructure.
— PT SWARM (@ptswarm) August 17, 2022
To avoid any risks, especially given that there are no workarounds, users must ensure they update their systems to the patched RHEL releases at the earliest.