An authentication bypass flaw was found in the way krb5's certauth interface prior to 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat enterprise linux desktop 7.0 |
||
redhat enterprise linux workstation 7.0 |
||
redhat enterprise linux 7.0 |
||
redhat enterprise linux server 7.0 |
||
mit kerberos 5 |