CVE-2019-12098

Published: 15/05/2019 Updated: 17/05/2019
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.4 | Impact Score: 5.2 | Exploitability Score: 2.2
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

In the client side of Heimdal prior to 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.

Affected Products

Vendor: Heimdal Project
Product: Heimdal
Versions: 0.0j, 0.0k, 0.0l, 0.0m, 0.0n, 0.0o, 0.0p, 0.0q, 0.0r, 0.0s, 0.0t, 0.0u, 0.1a, 0.1b, 0.1c, 0.1d, 0.1e, 0.1f, 0.1g, 0.1h, 0.1i, 0.1j, 0.1k, 0.1l, 0.1m, 0.2a, 0.2b, 0.2c, 0.2d, 0.2e, 0.2f, 0.2g, 0.2h, 0.2i, 0.2j, 0.2k, 0.2l, 0.2m, 0.2n, 0.2o, 0.2p, 0.2q, 0.2r, 0.2s, 0.2t, 0.3a, 0.3b, 0.3c, 0.3d, 0.3e, 0.3f, 0.4.d, 0.4.e, 0.4.f, 0.4a, 0.4b, 0.4c, 0.5, 0.5.1, 0.5.2, 0.5.3, 0.6, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.7, 0.7.1, 0.7.2, 0.8, 0.8.1, 0.9, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.4.0, 1.4.1, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0, 7.0.1, 7.0.2, 7.0.3, 7.1.0, 7.2.0, 7.3.0, 7.4.0, 7.5.0