CVE-2015-5246
Published: 2017-10-06
Priority: P3 · 48 · high · 8.1 (CVSS 3.0)
Vector: AV:N / AC:H / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.42% (69.5th percentile)
The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| theforeman | foreman | — | — |
CVSS provenance
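| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.1 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 8.1 | HIGH | — |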
Red Hat
Foreman: previous password still allowed to log into foreman with Active Directory backend
vendor_redhat · 2015-08-24 · CVSS 8.1
The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory.
Statement: Red Hat Product Security determined that this flaw was not a security vulnerability. See the Bugzilla link for more details.
Package: foreman (OpenStack Foreman) - Not affected
Package: foreman (Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer) - Not affected
Package: foreman (Red Hat Satellite 6) - Not affected
GHSA
GHSA-4468-gjjg-mh5q: The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the
ghsa_unreviewed · 2022-05-17
The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory.
No detection rules found.
No public exploits indexed.