In the client side of Heimdal prior to 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.
Vulnerable Product |
---|
heimdal project heimdal |
fedoraproject fedora 30 |
fedoraproject fedora 31 |
opensuse leap 42.3 |
opensuse leap 15.0 |
opensuse leap 15.1 |
opensuse backports sle 15.0 |
debian debian linux 9.0 |