Twenty Year Anniversary

FreeIPA 2.213 Session Hijacking

FreeIPA 2.213 Session Hijacking
Posted Jul 27, 2017
Authored by Ricardo Sanchez

FreeIPA version 2.213 suffers from a session hijacking vulnerability.

tags | exploit
advisories | CVE-2017-11191
MD5 | e6a68b0a3016b7a375dddfbb0a0c460e

FreeIPA 2.213 Session Hijacking

Change Mirror Download
[Description]

An attacker can hijack the session to unlock the users when they has been
locked with his last sesiA3n.

=====================================================================

[Session hijacking]

This type of attack involves an adversary that exploits weaknesses in an
application's use of sessions in performing authentication. The advarsary
is able to steal or manipulate an active session and use it to gain
unathorized access to the application.

=====================================================================

[Vulnerability Type]

Session hijacking

=====================================================================

[Example scenario]

We are using two users to explain it:

- [DEMO1] = Locked user

- [DEMO2] = Normal user

The [DEMO1] has been locked to the system and we are using the [DEMO2]
session to try to unlock the [DEMO1] user but we canA't because we donA't
have this privileges so this is correct like you can see in this screenshot.

The session hijacking occurs when we use the old session that we had used
with [DEMO1] user before lock it.
This session hasnA't been deleted/expired so you can it to unlock the
[DEMO1] user without problem like you can see in the next evidence.

=====================================================================

[Vendor of Product]

Redhat

=====================================================================

[Affected Product Code Base]

FreeIPA 2.213

=====================================================================

[Affected Component]

Affected client web browser/Active Directory Users

=====================================================================

[Attack Type]

Remote

=====================================================================

[Discoverer]

Ricardo Sanchez Ruiz

=====================================================================

[Username]

rsanchezr

=====================================================================

[CVE]

CVE-2017-11191

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

April 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    5 Files
  • 2
    Apr 2nd
    17 Files
  • 3
    Apr 3rd
    11 Files
  • 4
    Apr 4th
    21 Files
  • 5
    Apr 5th
    17 Files
  • 6
    Apr 6th
    12 Files
  • 7
    Apr 7th
    1 Files
  • 8
    Apr 8th
    6 Files
  • 9
    Apr 9th
    21 Files
  • 10
    Apr 10th
    18 Files
  • 11
    Apr 11th
    42 Files
  • 12
    Apr 12th
    7 Files
  • 13
    Apr 13th
    14 Files
  • 14
    Apr 14th
    1 Files
  • 15
    Apr 15th
    1 Files
  • 16
    Apr 16th
    15 Files
  • 17
    Apr 17th
    20 Files
  • 18
    Apr 18th
    24 Files
  • 19
    Apr 19th
    20 Files
  • 20
    Apr 20th
    7 Files
  • 21
    Apr 21st
    10 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close