Rapid7 Vulnerability & Exploit Database

Red Hat: CVE-2020-1722: CVE-2020-1722 ipa: No password length restriction leads to denial of service (Multiple Advisories)

Free InsightVM Trial No Credit Card Necessary

2024 Attack Intel Report Latest research by Rapid7 Labs

Back to Search

Red Hat: CVE-2020-1722: CVE-2020-1722 ipa: No password length restriction leads to denial of service (Multiple Advisories)

Severity

CVSS

(AV:N/AC:H/Au:N/C:N/I:N/A:C)

Published

04/27/2020

Created

10/01/2020

Added

10/01/2020

Modified

12/15/2023

Description

A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability.

Solution(s)

redhat-upgrade-bind-dyndb-ldap
redhat-upgrade-bind-dyndb-ldap-debuginfo
redhat-upgrade-bind-dyndb-ldap-debugsource
redhat-upgrade-custodia
redhat-upgrade-ipa-client
redhat-upgrade-ipa-client-common
redhat-upgrade-ipa-client-debuginfo
redhat-upgrade-ipa-client-epn
redhat-upgrade-ipa-client-samba
redhat-upgrade-ipa-common
redhat-upgrade-ipa-debuginfo
redhat-upgrade-ipa-debugsource
redhat-upgrade-ipa-healthcheck
redhat-upgrade-ipa-healthcheck-core
redhat-upgrade-ipa-python-compat
redhat-upgrade-ipa-selinux
redhat-upgrade-ipa-server
redhat-upgrade-ipa-server-common
redhat-upgrade-ipa-server-debuginfo
redhat-upgrade-ipa-server-dns
redhat-upgrade-ipa-server-trust-ad
redhat-upgrade-ipa-server-trust-ad-debuginfo
redhat-upgrade-opendnssec
redhat-upgrade-opendnssec-debuginfo
redhat-upgrade-opendnssec-debugsource
redhat-upgrade-python2-ipaclient
redhat-upgrade-python2-ipalib
redhat-upgrade-python2-ipaserver
redhat-upgrade-python3-custodia
redhat-upgrade-python3-ipaclient
redhat-upgrade-python3-ipalib
redhat-upgrade-python3-ipaserver
redhat-upgrade-python3-jwcrypto
redhat-upgrade-python3-kdcproxy
redhat-upgrade-python3-pyusb
redhat-upgrade-python3-qrcode
redhat-upgrade-python3-qrcode-core
redhat-upgrade-python3-yubico
redhat-upgrade-slapi-nis
redhat-upgrade-slapi-nis-debuginfo
redhat-upgrade-slapi-nis-debugsource
redhat-upgrade-softhsm
redhat-upgrade-softhsm-debuginfo
redhat-upgrade-softhsm-debugsource
redhat-upgrade-softhsm-devel

References

CVE-2020-1722
RHSA-2020:3936
RHSA-2020:4670

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Red Hat: CVE-2020-1722: CVE-2020-1722 ipa: No password length restriction leads to denial of service (Multiple Advisories)

Red Hat: CVE-2020-1722: CVE-2020-1722 ipa: No password length restriction leads to denial of service (Multiple Advisories)

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.