Description
The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| pykerberos | fixed | 1.1.5-1 | | package |
| pykerberos | fixed | 1.1.5-0.1+deb8u1 | jessie | package |
| pykerberos | fixed | 1.1+svn4895-1+deb7u1 | wheezy | package |
Notes
The CVE was originally assigned for python-kerberos; pykerberos is a fork of the former.
KDC verification support in pykerberos added in https://github.com/02strich/pykerberos/commit/02d13860b25fab58e739f0e000bed0067b7c6f9c
Using the above code as-is might break existing installations, since a keytab is required to call krb5_verify_init_creds.
Related vulnerabilities
python-kerberos vulnerable to KDC spoofing attacks