[Freeipa-users] FreeIPA Security issue : Anonymous user can fetch user details from IPA without authenticating

Rajnesh Kumar Siwal rajnesh.siwal at gmail.com
Wed Jan 1 18:01:19 UTC 2014


Hi,

IPA has really been a great Project.
But, I was really concerned about the security of IPA.
I have been testing it on RHEL 7 Beta for some time.
ldapsearch is able to fetch the details from the IPA Server without
Authentication.
I would appreciate it if the IPA team could work on securing the IPA Server as it is
the most critical server if installed in an infrastructure.
It exposes the details of all the users/admins in the environment.
There should be a user that the IPA should use to fetch the details from
the IPA Servers. Without Authentication, no one should be able to fetch
any information from the IPA Server.

-- 
Regards,
Rajnesh Kumar Siwal