Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…
EPSS 2.1%top 21%

Red Hat Security Advisory: ipa security update

0
High
Published: 06/10/2024 (06/10/2024, 14:35:19 UTC)
Source: GCVE Database
Vendor/Project: Red Hat Product Security
Product: Red Hat

Description

A vulnerability (CVE-2024-3183) in Red Hat Identity Management (IdM) allows a user to obtain password hashes of all domain users, enabling offline brute force attacks. This issue affects Red Hat Enterprise Linux 9.0 Extended Update Support and related packages. Red Hat has released security updates to address this vulnerability.

Affected software

redhat/ipa
pkg:rpm/redhat/ipa
Affected versions
=9.0

Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 06/25/2026, 22:48:15 UTC

Technical Analysis

CVE-2024-3183 is a vulnerability in the FreeIPA component of Red Hat Identity Management (IdM) where a user can obtain password hashes of all domain users, facilitating offline brute force attacks. The vulnerability is rated as important by Red Hat Product Security and affects multiple Red Hat Enterprise Linux 9.0 Extended Update Support variants and related packages. Red Hat has issued an update (ipa-4.9.8-11.el9_0.3) to fix this issue. No CVSS score is provided in the advisory.

Potential Impact

An attacker with access to the system could extract password hashes for all domain users and attempt offline brute force attacks to recover passwords. This compromises the confidentiality of user credentials within the domain, potentially leading to unauthorized access if passwords are cracked.

Mitigation Recommendations

Red Hat has released an official security update (ipa-4.9.8-11.el9_0.3 and related packages) that fixes this vulnerability. Users should apply this update promptly. Before applying, ensure all previously released errata relevant to the system are applied. Refer to Red Hat's official update instructions at https://access.redhat.com/articles/11258. No additional mitigation is stated by the vendor.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Gcve Source
db.gcve.eu
Csaf Category
csaf_security_advisory
Csaf Version
2.0
Publisher
Red Hat Product Security
Advisory Id
RHSA-2024:3761
Cve Count
1
Additional Cves
[]
Cvss Version
null

Threat ID: 6a3da1f44853345fc1833e65

Added to database: 06/25/2026, 21:47:32 UTC

Last enriched: 06/25/2026, 22:48:15 UTC

Last updated: 07/02/2026, 20:51:14 UTC

Views: 3

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses