CVSSv2: 5.8

CVE-2019-12098

Published: 15/05/2019 Updated: 04/06/2019
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.4 | Impact Score: 5.2 | Exploitability Score: 2.2
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

In the client side of Heimdal prior to 7.6.0, the client fails to verify the anonymous PKINIT PA-PKINIT-KX key exchange, which permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.

Affected Products

Vendor: Heimdal Project
Product: Heimdal
Versions: 0.0j, 0.0k, 0.0l, 0.0m, 0.0n, 0.0o, 0.0p, 0.0q, 0.0r, 0.0s, 0.0t, 0.0u, 0.1a, 0.1b, 0.1c, 0.1d, 0.1e, 0.1f, 0.1g, 0.1h, 0.1i, 0.1j, 0.1k, 0.1l, 0.1m, 0.2a, 0.2b, 0.2c, 0.2d, 0.2e, 0.2f, 0.2g, 0.2h, 0.2i, 0.2j, 0.2k, 0.2l, 0.2m, 0.2n, 0.2o, 0.2p, 0.2q, 0.2r, 0.2s, 0.2t, 0.3a, 0.3b, 0.3c, 0.3d, 0.3e, 0.3f, 0.4.d, 0.4.e, 0.4.f, 0.4a, 0.4b, 0.4c, 0.5, 0.5.1, 0.5.2, 0.5.3, 0.6, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.7, 0.7.1, 0.7.2, 0.8, 0.8.1, 0.9, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.4.0, 1.4.1, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0, 7.0.1, 7.0.2, 7.0.3, 7.1.0, 7.2.0, 7.3.0, 7.4.0, 7.5.0

Vendor Advisories

Several vulnerabilities were discovered in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos. CVE-2018-16860: Isaac Boukris and Andrew Bartlett discovered that Heimdal was susceptible to man-in-the-middle attacks caused by incomplete checksum validation. Details on the issue can be found in the Samba ...
Debian Bug report logs - #928966 heimdal: CVE-2018-16860. Package: src:heimdal; Maintainer for src:heimdal is Brian May <bam@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 14 May 2019 07:39:02 UTC; Severity: important; Tags: security, upstream; Found in versions heimdal/7.1.0+dfsg-13, heim ...
Debian Bug report logs - #929064 heimdal: CVE-2019-12098: krb5: always confirm PA-PKINIT-KX for anon PKINIT. Package: src:heimdal; Maintainer for src:heimdal is Brian May <bam@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 16 May 2019 09:06:02 UTC; Severity: important; Tags: security, upst ...

Mailing Lists

Debian Security Advisory DSA-4455-1 (PGP-signed, SHA512) - security@debian.org - www.debian.org/security/ - Salvatore Bonaccorso, June 03, 2019 - www.debian.org/security/faq ...