Default Password Policy in FreeIPA Allows Remote Account Lockout Denial of Service

Default Password Policy in FreeIPA Allows Remote Account Lockout Denial of Service

CVE-2016-7030 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account in which system services run on.

Learn more about our Web Application Penetration Testing UK.