{"id":"CVE-2017-11191","details":"FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. NOTE: Vendor states that issue does not exist in product and does not recognize this report as a valid security concern","modified":"2026-04-10T03:56:28.203839Z","published":"2017-09-28T01:29:01.123Z","references":[{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/143532/FreeIPA-2.213-Session-Hijacking.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/freeipa/freeipa","events":[{"introduced":"0"},{"last_affected":"1e58588ec274d5da0f020b2c6af2824313ea0ea7"},{"introduced":"0"},{"last_affected":"a33492da73ac975173c8470f32d32c34b3427b81"},{"introduced":"0"},{"last_affected":"52cf28aae6b51eadb0bf596f9a306647c750632f"},{"introduced":"0"},{"last_affected":"c436352e14a7d3ac4f4cf8888454c6749ddd2f13"},{"introduced":"0"},{"last_affected":"c55f1530c80cf0ce5857b98826f1f47bc6d55fe9"},{"introduced":"0"},{"last_affected":"65a0b586ef72318bf3821a5252f89606e907fa56"},{"introduced":"0"},{"last_affected":"5bcaea7e61da677551e415bf370459b760598ea7"},{"introduced":"0"},{"last_affected":"02ccfa156380aa97561f191a533de83b668a57f1"},{"introduced":"0"},{"last_affected":"ee01ea7e97b96384076befa3074596afd556f492"},{"introduced":"0"},{"last_affected":"7f560c5da14ad36ce9c3d9f17aac756c093ad659"},{"introduced":"0"},{"last_affected":"1b46faded422b059996362b9df7fcf1e65283468"},{"introduced":"0"},{"last_affected":"218de5bff792f5ac40d9b3eebc22f19696e5091e"},{"introduced":"0"},{"last_affected":"60fe517c9b4cc8e6d96605043b2c7685b39bc0ab"},{"introduced":"0"},{"last_affected":"06cedeec3fb4ac2d9de76c5090ffa75d5076c63c"},{"introduced":"0"},{"last_affected":"f6f1a21a6a07879028d58700a5887b4d6cf72912"},{"introduced":"0"},{"last_affected":"a1d3bafcbdb7a100953e61fe42daa1d4cd97ed54"},{"introduced":"0"},{"last_affected":"b402a8dc0fe0ff567a61c7ddde26f66e4f470e24"},{"introduced":"0"},{"last_affected":"43d5c02f8ccb69e07238ac988b849c3722af877c"},{"introduced":"0"},{"last_affected":"78a6434e323ebc357472745d97627065ae5b8169"},{"introduced":"0"},{"last_affected":"d1b59d5dac1c8d2d6edf3e22aadc30fddb2e56e0"},{"introduced":"0"},{"last_affected":"4c1d737656f117a85845fdcd49cbe71459d392e7"},{"introduced":"0"},{"last_affected":"5a3c3c73c2a59c3f42aefa90feef72a774edd1dc"},{"introduced":"0"},{"last_affected":"3c542b987860322ca50cfd2e4eb8827b79071d9e"},{"introduced":"0"},{"last_affected":"097ff54ebcb23e6438b3bf8022f7a66dd1e13aaa"},{"introduced":"0"},{"last_affected":"92fb05c41f3c7f639238928599f26277dafa7fcf"},{"introduced":"0"},{"last_affected":"a0947d94c8f478d57fd20ffbcfe8bde7ee2ba80c"},{"introduced":"0"},{"last_affected":"9587efb317ac96d49457b16db2efa004924ad363"},{"introduced":"0"},{"last_affected":"e89e825178741de042ca9ed9b603613a73113542"},{"introduced":"0"},{"last_affected":"5083a97f88545b876e9e5fdada35b31b992f9dbe"},{"introduced":"0"},{"last_affected":"59e4bc285390886422d5e15314fa8e2fac1cc4bd"},{"introduced":"0"},{"last_affected":"152881ed191b6d26eff99a8d344822b3f4c90065"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.0.0"},{"introduced":"0"},{"last_affected":"4.0.1"},{"introduced":"0"},{"last_affected":"4.0.2"},{"introduced":"0"},{"last_affected":"4.0.3"},{"introduced":"0"},{"last_affected":"4.0.4"},{"introduced":"0"},{"last_affected":"4.0.5"},{"introduced":"0"},{"last_affected":"4.1.0"},{"introduced":"0"},{"last_affected":"4.1.1"},{"introduced":"0"},{"last_affected":"4.1.2"},{"introduced":"0"},{"last_affected":"4.1.3"},{"introduced":"0"},{"last_affected":"4.1.4"},{"introduced":"0"},{"last_affected":"4.2.0"},{"introduced":"0"},{"last_affected":"4.2.1"},{"introduced":"0"},{"last_affected":"4.2.2"},{"introduced":"0"},{"last_affected":"4.2.3"},{"introduced":"0"},{"last_affected":"4.2.4"},{"introduced":"0"},{"last_affected":"4.3.0"},{"introduced":"0"},{"last_affected":"4.3.1"},{"introduced":"0"},{"last_affected":"4.3.2"},{"introduced":"0"},{"last_affected":"4.3.3"},{"introduced":"0"},{"last_affected":"4.4.0"},{"introduced":"0"},{"last_affected":"4.4.1"},{"introduced":"0"},{"last_affected":"4.4.2"},{"introduced":"0"},{"last_affected":"4.4.3"},{"introduced":"0"},{"last_affected":"4.4.4"},{"introduced":"0"},{"last_affected":"4.5.0"},{"introduced":"0"},{"last_affected":"4.5.1"},{"introduced":"0"},{"last_affected":"4.5.2"},{"introduced":"0"},{"last_affected":"4.5.3"},{"introduced":"0"},{"last_affected":"4.6.0"},{"introduced":"0"},{"last_affected":"4.6.1"}]}}],"versions":["alpha-1-9-0","alpha_1-4-1-0","alpha_1-4-2-0","alpha_1-4-4-0","alpha_2-1-9-0","alpha_3-1-9-0","alpha_4-1-9-0","alpha_5-1-9-0","alpha_5-1-9-0-1","beta_1-2-0-0","beta_1-3-0-0","beta_1-3-2-0","beta_1-3-3-0","beta_2-3-0-0","beta_2-3-3-0","milestone_2","milestone_3","milestone_4","milestone_4_1","milestone_6","rc_1-2-0-0","rc_2-2-0-0","rc_3-2-0-0","release-1-0-0","release-1-1-0","release-2-0-0","release-2-1-0","release-3-1-0","release-3-2-0","release-3-2-0-pre1","release-3-3-0","release-4-0-0","release-4-0-1","release-4-0-2","release-4-0-3","release-4-0-4","release-4-0-5","release-4-1-0","release-4-1-1","release-4-1-2","release-4-1-3","release-4-1-4","release-4-2-0","release-4-2-1","release-4-2-2","release-4-2-3","release-4-2-4","release-4-3-0","release-4-3-1","release-4-3-2","release-4-3-3","release-4-4-0","release-4-4-1","release-4-4-2","release-4-4-3","release-4-4-4","release-4-5-0","release-4-5-1","release-4-5-2","release-4-5-3","release-4-6-0","release-4-6-1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-11191.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}