Issue #3238: [RFE] Improve security of the client enrollment - freeipa

freeipa

#3238 [RFE] Improve security of the client enrollment

Closed: Fixed None Opened 11 years ago by dpal.

During the enrolment there is no check that the server is a legitimate IPA server. Kerberos authentication solves part of the problem but if the attacker managed to put himself in the middle it would be able to pass the client fake certificates and watch the traffic between client and server. We need to implement a way to make sure that the certificates that are used by client are from a real legitimate server.

dpal commented 11 years ago

We need to explore it more.

rcritten commented 11 years ago

CVE-2012-5484

master:[[br]]
31e41ee[[br]]
a1991ae[[br]]
91f4af7[[br]]
a40285c[[br]]
18eea90[[br]]

ipa-3-1:[[br]]
0a38d9a[[br]]
a9e55ff[[br]]
fc016b0[[br]]
40a019b[[br]]
0808974[[br]]

rcritten commented 11 years ago

Fixed in 3.1.2.

Metadata Update from @dpal:
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 3.0.2

7 years ago

Metadata

Assignee

rcritten

Tags

None

Blocking

None

Depending on

None

Priority

critical

Milestone

FreeIPA 3.0.2

None

affects_doc

None

source

None

knownissue

None

type

enhancement

blockedby

None

test_case

None

component

IPA

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=878220

tester

None

changelog

None

design

None

freeipa

Source Code

#3238 [RFE] Improve security of the client enrollment Closed: Fixed None Opened 11 years ago by dpal.

Metadata

#3238 [RFE] Improve security of the client enrollment

Closed: Fixed None Opened 11 years ago by dpal.