Vulnerability: Lack of Permission Check in FreeIPA's cert_revoke Command
CVE-2016-5404 · MEDIUM Severity
AV:N/AC:L/AU:S/C:N/I:N/A:P
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.
Learn more about our User Device Pen Test.