Freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user’s password. If a principal is compromised it means the attacker would be able to retrieve tickets encrypted to any principal, all of them being encrypted by their own key directly. By taking these tickets and salts offline, the attacker could run brute force attacks to find character strings able to decrypt tickets when combined to a principal salt (i.e. find the principal’s password).
Affected products
- *
- ==4.12.1
- *
Matching in nixpkgs
pkgs.ipam
Cli based IPAM written in Go with PowerDNS support
-
nixos-unstable -
- nixpkgs-unstable 0.3.0-1
pkgs.ipafont
Japanese font package with Mincho and Gothic fonts
-
nixos-unstable -
- nixpkgs-unstable 003.03
pkgs.ipatool
Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS App Store
-
nixos-unstable -
- nixpkgs-unstable 2.2.0
pkgs.codipack
Fast gradient evaluation in C++ based on Expression Templates
-
nixos-unstable -
- nixpkgs-unstable 3.0.0
pkgs.gruut-ipa
Library for manipulating pronunciations using the International Phonetic Alphabet (IPA)
-
nixos-unstable -
- nixpkgs-unstable 0.13.0
pkgs.ipaexfont
Japanese font package with Mincho and Gothic fonts
-
nixos-unstable -
- nixpkgs-unstable 004.01
pkgs.uriparser
Strictly RFC 3986 compliant URI parsing library
-
nixos-unstable -
- nixpkgs-unstable 0.9.8
pkgs.frangipanni
Convert lines of text into a tree structure
-
nixos-unstable -
- nixpkgs-unstable 0.5.0
pkgs.ipad_charge
Apple device USB charging utility for Linux
-
nixos-unstable -
- nixpkgs-unstable 2015-02-03
pkgs.nucleiparser
Nuclei output parser for CLI
-
nixos-unstable -
- nixpkgs-unstable 0.2.1
pkgs.multipath-tools
Tools for the Linux multipathing storage driver
-
nixos-unstable -
- nixpkgs-unstable 0.11.1
pkgs.ripasso-cursive
Simple password manager written in Rust
-
nixos-unstable -
- nixpkgs-unstable 0.7.0
pkgs.multipart-parser-c
Http multipart parser implemented in C
-
nixos-unstable -
- nixpkgs-unstable 2015-12-14
pkgs.haskellPackages.ipa
Internal Phonetic Alphabet (IPA)
-
nixos-unstable -
- nixpkgs-unstable 0.3.1.1
pkgs.python312Packages.nipap
Neat IP Address Planner
-
nixos-unstable -
- nixpkgs-unstable 0.32.7
pkgs.python313Packages.nipap
Neat IP Address Planner
-
nixos-unstable -
- nixpkgs-unstable 0.32.7
pkgs.python312Packages.ipaddr
IP address manipulation library
-
nixos-unstable -
- nixpkgs-unstable 2.2.0
pkgs.python312Packages.ipadic
Contemporary Written Japanese dictionary
-
nixos-unstable -
- nixpkgs-unstable 1.0.0
pkgs.python313Packages.ipaddr
IP address manipulation library
-
nixos-unstable -
- nixpkgs-unstable 2.2.0
pkgs.python313Packages.ipadic
Contemporary Written Japanese dictionary
-
nixos-unstable -
- nixpkgs-unstable 1.0.0
pkgs.haskellPackages.multipart
Parsers for the HTTP multipart format
-
nixos-unstable -
- nixpkgs-unstable 0.2.1
pkgs.python312Packages.pynipap
Python client library for Neat IP Address Planner
-
nixos-unstable -
- nixpkgs-unstable 0.32.7
pkgs.python313Packages.pynipap
Python client library for Neat IP Address Planner
-
nixos-unstable -
- nixpkgs-unstable 0.32.7
pkgs.python312Packages.iniparse
Accessing and Modifying INI files
-
nixos-unstable -
- nixpkgs-unstable 0.5
pkgs.python313Packages.iniparse
Accessing and Modifying INI files
-
nixos-unstable -
- nixpkgs-unstable 0.5
pkgs.graylogPlugins.ipanonymizer
Graylog-server plugin that replaces the last octet of IP addresses in messages with xxx
-
nixos-unstable -
- nixpkgs-unstable 1.1.2
pkgs.haskellPackages.unipatterns
Helpers which allow safe partial pattern matching in lambdas
-
nixos-unstable -
- nixpkgs-unstable 0.0.0.0
pkgs.python312Packages.gruut-ipa
Library for manipulating pronunciations using the International Phonetic Alphabet (IPA)
-
nixos-unstable -
- nixpkgs-unstable 0.13.0
pkgs.python312Packages.multipart
Parser for multipart/form-data
-
nixos-unstable -
- nixpkgs-unstable 1.3.0
pkgs.python313Packages.gruut-ipa
Library for manipulating pronunciations using the International Phonetic Alphabet (IPA)
-
nixos-unstable -
- nixpkgs-unstable 0.13.0
pkgs.python313Packages.multipart
Parser for multipart/form-data
-
nixos-unstable -
- nixpkgs-unstable 1.3.0
pkgs.typstPackages.ascii-ipa_1_0_0
Converter for ASCII representations of the International Phonetic Alphabet (IPA
-
nixos-unstable -
- nixpkgs-unstable 1.0.0
pkgs.typstPackages.ascii-ipa_1_1_0
Converter for ASCII representations of the International Phonetic Alphabet (IPA
-
nixos-unstable -
- nixpkgs-unstable 1.1.0
pkgs.typstPackages.ascii-ipa_1_1_1
Converter for ASCII representations of the International Phonetic Alphabet (IPA
-
nixos-unstable -
- nixpkgs-unstable 1.1.1
pkgs.typstPackages.ascii-ipa_2_0_0
Converter for ASCII representations of the International Phonetic Alphabet (IPA
-
nixos-unstable -
- nixpkgs-unstable 2.0.0
pkgs.haskellPackages.multipart-names
Handling of multipart names in various casing styles
-
nixos-unstable -
- nixpkgs-unstable 0.0.1
pkgs.haskellPackages.servant-multipart
multipart/form-data (e.g file upload) support for servant
-
nixos-unstable -
- nixpkgs-unstable 0.12.1
pkgs.python312Packages.flask-principal
Identity management for flask
-
nixos-unstable -
- nixpkgs-unstable 0.4.0
pkgs.python312Packages.types-ipaddress
Typing stubs for ipaddress
-
nixos-unstable -
- nixpkgs-unstable 1.0.8
pkgs.python313Packages.flask-principal
Identity management for flask
-
nixos-unstable -
- nixpkgs-unstable 0.4.0
pkgs.python313Packages.types-ipaddress
Typing stubs for ipaddress
-
nixos-unstable -
- nixpkgs-unstable 1.0.8
pkgs.python312Packages.cached-ipaddress
Cache construction of ipaddress objects
-
nixos-unstable -
- nixpkgs-unstable 0.10.0
pkgs.python312Packages.python-multipart
Streaming multipart parser for Python
-
nixos-unstable -
- nixpkgs-unstable 0.0.20
pkgs.python312Packages.python-vipaccess
Free software implementation of Symantec's VIP Access application and protocol
-
nixos-unstable -
- nixpkgs-unstable 0.14.2
pkgs.python312Packages.sansio-multipart
Parser for multipart/form-data
-
nixos-unstable -
- nixpkgs-unstable 0.3
pkgs.python313Packages.cached-ipaddress
Cache construction of ipaddress objects
-
nixos-unstable -
- nixpkgs-unstable 0.10.0
pkgs.python313Packages.python-multipart
Streaming multipart parser for Python
-
nixos-unstable -
- nixpkgs-unstable 0.0.20
pkgs.python313Packages.python-vipaccess
Free software implementation of Symantec's VIP Access application and protocol
-
nixos-unstable -
- nixpkgs-unstable 0.14.2
pkgs.python313Packages.sansio-multipart
Parser for multipart/form-data
-
nixos-unstable -
- nixpkgs-unstable 0.3
pkgs.haskellPackages.http-client-multipart
Generate multipart uploads for http-client. (deprecated)
-
nixos-unstable -
- nixpkgs-unstable 0.3.0.0
pkgs.haskellPackages.servant-multipart-api
multipart/form-data (e.g file upload) support for servant
-
nixos-unstable -
- nixpkgs-unstable 0.12.1
pkgs.haskellPackages.servant-multipart-client
multipart/form-data (e.g file upload) support for servant
-
nixos-unstable -
- nixpkgs-unstable 0.12.2
pkgs.python312Packages.nested-multipart-parser
Parser for nested data for 'multipart/form'
-
nixos-unstable -
- nixpkgs-unstable 1.5.0
pkgs.python313Packages.nested-multipart-parser
Parser for nested data for 'multipart/form'
-
nixos-unstable -
- nixpkgs-unstable 1.5.0
pkgs.haskellPackages.amazonka-connectparticipant
Amazon Connect Participant Service SDK
-
nixos-unstable -
- nixpkgs-unstable 2.0
pkgs.haskellPackages.autodocodec-servant-multipart
Autodocodec interpreters for Servant Multipart
-
nixos-unstable -
- nixpkgs-unstable 0.0.0.1
pkgs.python312Packages.mypy-boto3-connectparticipant
Type annotations for boto3 connectparticipant
-
nixos-unstable -
- nixpkgs-unstable boto3-connectparticipant-1.40.18
pkgs.python313Packages.mypy-boto3-connectparticipant
Type annotations for boto3 connectparticipant
-
nixos-unstable -
- nixpkgs-unstable boto3-connectparticipant-1.40.18
pkgs.chickenPackages_5.chickenEggs.multipart-form-data
Reads & decodes HTTP multipart/form-data requests.
-
nixos-unstable -
- nixpkgs-unstable 0.2
pkgs.python312Packages.types-aiobotocore-connectparticipant
Type annotations for aiobotocore connectparticipant
-
nixos-unstable -
- nixpkgs-unstable 2.23.2
pkgs.python313Packages.types-aiobotocore-connectparticipant
Type annotations for aiobotocore connectparticipant
-
nixos-unstable -
- nixpkgs-unstable 2.23.2
pkgs.python312Packages.microsoft-kiota-serialization-multipart
Multipart serialization implementation for Kiota clients in Python
-
nixos-unstable -
- nixpkgs-unstable 1.9.5
pkgs.python313Packages.microsoft-kiota-serialization-multipart
Multipart serialization implementation for Kiota clients in Python
-
nixos-unstable -
- nixpkgs-unstable 1.9.5
Package maintainers
-
@athas Troels Henriksen <athas@sigkill.dk>
-
@siraben Siraphob Phipathananunth <bensiraphob@gmail.com>
-
@benley Benjamin Staffin <benley@gmail.com>
-
@s1341 Shmarya Rubenstein <s1341@shmarya.net>
-
@fadenb Tristan Helmich <tristan.helmich+nixos@gmail.com>
-
@Mic92 Jörg Thalheim <joerg@thalheim.io>
-
@stephen-huan Stephen Huan <stephen.huan@cgdct.moe>
-
@auntieNeo Jonathan Glines <auntieNeo@gmail.com>
-
@gaelreyrol Gaël Reyrol <me@gaelreyrol.dev>
-
@lukegb Luke Granger-Brown <nix@lukegb.com>
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
-
@danbst Danylo Hlynskyi <abcz2.uprola@gmail.com>
-
@astro Astro <astro@spaceboyz.net>
-
@Laurent2916 Laurent Fainsin <laurent.nixpkgs@fainsin.bzh>
-
@dotlambda Robert Schütz <rschuetz17@gmail.com>
-
@mbalatsko Maksym Balatsko <mbalatsko@gmail.com>
-
@risicle Robert Scott <code@humanleg.org.uk>
-
@herrwiese Andreas Wiese <aw-nixos@meterriblecrew.net>
-
@jpetrucciani Jacobi Petrucciani <j@cobi.dev>
-
@stigtsp Stig Palmquist <stig@stig.io>
-
@luftmensch-luftmensch Valentino Bocchetti <valentinobocchetti59@gmail.com>
-
@L-Trump Luo Chen <ltrump@163.com>
-
@cherrypiejam Gongqi Huang
-
@bosu Boris Sukholitko <boriss@gmail.com>