Home

CVE-2020-1722

Description

A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability.

Risk Information

Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.368

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2020:3936) ipa security, bug fix, and enhancement update ipa-client-4.6.8-5.el7.x86_64.rpmLinux
(RHSA-2020:3936) ipa security, bug fix, and enhancement update ipa-client-common-4.6.8-5.el7.noarch.rpmLinux
(RHSA-2020:3936) ipa security, bug fix, and enhancement update ipa-common-4.6.8-5.el7.noarch.rpmLinux
(RHSA-2020:3936) ipa security, bug fix, and enhancement update ipa-python-compat-4.6.8-5.el7.noarch.rpmLinux
(RHSA-2020:3936) ipa security, bug fix, and enhancement update ipa-server-4.6.8-5.el7.x86_64.rpmLinux
(RHSA-2020:3936) ipa security, bug fix, and enhancement update ipa-server-common-4.6.8-5.el7.noarch.rpmLinux
(RHSA-2020:3936) ipa security, bug fix, and enhancement update ipa-server-dns-4.6.8-5.el7.noarch.rpmLinux
(RHSA-2020:3936) ipa security, bug fix, and enhancement update ipa-server-trust-ad-4.6.8-5.el7.x86_64.rpmLinux
(RHSA-2020:3936) ipa security, bug fix, and enhancement update python2-ipaclient-4.6.8-5.el7.noarch.rpmLinux
(RHSA-2020:3936) ipa security, bug fix, and enhancement update python2-ipalib-4.6.8-5.el7.noarch.rpmLinux
(RHSA-2020:3936) ipa security, bug fix, and enhancement update python2-ipaserver-4.6.8-5.el7.noarch.rpmLinux
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update python3-qrcode-5.1-12.module_el8.6.0+2737+7e73ea90.noarch.rpmLinux
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update python3-qrcode-core-5.1-12.module_el8.6.0+2737+7e73ea90.noarch.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234