Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2014-7828

FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind.

  • Published: Nov 19, 2014
  • Updated: Apr 13, 2023
  • CVE: CVE-2014-7828
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 3.5
  • AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

Software From Fixed in
freeipa / freeipa 4.1.1 4.1.1.x
freeipa / freeipa 4.0.2 4.0.2.x
freeipa / freeipa 4.0.0 4.0.0.x
freeipa / freeipa 4.0.3 4.0.3.x
freeipa / freeipa 4.0.1 4.0.1.x
freeipa / freeipa 4.0.4 4.0.4.x