{"id":"PYSEC-2013-36","details":"The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.","aliases":["CVE-2012-5484"],"modified":"2026-02-22T22:48:50.941977Z","published":"2013-01-27T18:55:00Z","withdrawn":"2024-11-22T04:37:04Z","references":[{"type":"ADVISORY","url":"http://www.freeipa.org/page/CVE-2012-5484"},{"type":"WEB","url":"http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=91f4af7e6af53e1c6bf17ed36cb2161863eddae4"},{"type":"WEB","url":"http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=18eea90ebb24a9c22248f0b7e18646cc6e3e3e0f"},{"type":"WEB","url":"http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a1991aeac19c3fec1fdd0d184c6760c90c9f9fc9"},{"type":"WEB","url":"http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=31e41eea6c2322689826e6065ceba82551c565aa"},{"type":"WEB","url":"http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a40285c5a0288669b72f9d991508d4405885bffc"},{"type":"WEB","url":"http://www.freeipa.org/page/Releases/3.1.2"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2013-0188.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2013-0189.html"}],"affected":[{"package":{"name":"freeipa","ecosystem":"PyPI","purl":"pkg:pypi/freeipa"},"ranges":[{"type":"GIT","repo":"https://fedoraproject.org/wiki/Infrastructure/Fedorahosted-retirement","events":[{"introduced":"0"},{"fixed":"91f4af7e6af53e1c6bf17ed36cb2161863eddae4"},{"fixed":"18eea90ebb24a9c22248f0b7e18646cc6e3e3e0f"},{"fixed":"a1991aeac19c3fec1fdd0d184c6760c90c9f9fc9"},{"fixed":"31e41eea6c2322689826e6065ceba82551c565aa"},{"fixed":"a40285c5a0288669b72f9d991508d4405885bffc"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.10.2","4.12.2","4.4.0.dev1","4.5.0","4.5.2","4.5.4","4.6.1","4.6.2","4.6.3","4.6.4","4.6.5","4.6.7","4.7.0","4.7.1","4.7.2","4.7.4","4.7.5","4.8.0","4.8.0rc1","4.8.1","4.8.2","4.8.3","4.8.5","4.8.6","4.8.7","4.8.9","4.9.12","4.13.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/freeipa/PYSEC-2013-36.yaml"}}],"schema_version":"1.7.3"}