Описание
The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack.
Ссылки
- Mailing ListPatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- PatchVendor Advisory
- Mailing ListPatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- PatchVendor Advisory
Уязвимые конфигурации
EPSS
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
Связанные уязвимости
The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack.
The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack.
The checkPassword function in python-kerberos does not authenticate th ...
python-kerberos vulnerable to KDC spoofing attacks
EPSS
8.1 High
CVSS3
6.8 Medium
CVSS2