CVE-2023-5455

Summary

CVE-2023-5455 is a Cross-Site Request Forgery (CSRF) vulnerability affecting all versions of IPA (Identity, Policy Administration) in the ipa/session/login_password function. An attacker can exploit this flaw to trick users into submitting malicious requests, leading to loss of confidentiality and system integrity. During penetration testing, it was discovered that FreeIPA fails to enforce CSRF protection on certain HTTP endpoints, enabling an attacker to issue unauthorized commands. However, the vulnerability doesn't allow for reflection of already logged-in user cookies, requiring the attacker to initiate a new authentication process.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.