Vulnerability: Lack of Permission Check in FreeIPA's cert_revoke Command

Vulnerability: Lack of Permission Check in FreeIPA's cert_revoke Command

CVE-2016-5404 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:N/A:P

The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.

Learn more about our User Device Pen Test.