CVE-2014-7828

Summary

This vulnerability allows users with enabled OTP token to authenticate using only the second factor.

Affected Versions

4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4 and 4.1.0

Impact

Moderate

Fixed in Versions

4.0.5, 4.1.1

Manual Instructions

Disable OTP authentication for the users.

More Information

For more information see

• https://fedorahosted.org/freeipa/ticket/4690
• https://www.redhat.com/archives/freeipa-devel/2014-November/msg00068.html
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7828