Description
The checkPassword function in python-kerberos does not authenticate the KDC
it attempts to communicate with, which allows remote attackers to cause a
denial of service (bad response), or have other unspecified impact by
performing a man-in-the-middle attack.
Package
| Upstream: | released
(1.1.6)
|
| Ubuntu 18.04 LTS: | not-affected
(1.1.5-2build3)
|
| Ubuntu 14.04 ESM: | DNE
(trusty was needed)
|
| Ubuntu 20.04 FIPS Compliant: | not-affected
(1.1.5-2build3)
|
Patches:
Updated: 2022-04-13 12:05:00 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)