CVE-2012-5484 | Vulnerability Database | Aqua Security

The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.

Affected Software

Name	Vendor	Start Version	End Version
Freeipa	Redhat	2.0.0 (including)	2.0.0 (including)
Freeipa	Redhat	2.0.1 (including)	2.0.1 (including)
Freeipa	Redhat	2.1.0 (including)	2.1.0 (including)
Freeipa	Redhat	2.1.1 (including)	2.1.1 (including)
Freeipa	Redhat	2.1.3 (including)	2.1.3 (including)
Freeipa	Redhat	2.1.4 (including)	2.1.4 (including)
Freeipa	Redhat	2.2.1 (including)	2.2.1 (including)

References

http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=18eea90ebb24a9c22248f0b7e18646cc6e3e3e0f
http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=31e41eea6c2322689826e6065ceba82551c565aa
http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=91f4af7e6af53e1c6bf17ed36cb2161863eddae4
http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a1991aeac19c3fec1fdd0d184c6760c90c9f9fc9
http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a40285c5a0288669b72f9d991508d4405885bffc
http://rhn.redhat.com/errata/RHSA-2013-0188.html
http://rhn.redhat.com/errata/RHSA-2013-0189.html
http://www.freeipa.org/page/CVE-2012-5484
http://www.freeipa.org/page/Releases/3.1.2

NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-5484
CWE	https://cwe.mitre.org/data/definitions/310.html