CVE-2012-5631

Summary

ipa 3.0 does not properly check server identity before sending credential containing cookies

Affected Software

VendorProductVersion RangeStatus
ipaipaFixed in freeipa 3.0.2affected
ipaipafreeipa 3.1.0affected

Weaknesses

  • client does not properly check server identity before sending cookies that contain credentials

ADP Enrichment

CVE Program Container

Additional References

References