FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
406636fe-055d-11e5-aab1-d050996490d0krb5 -- requires_preauth bypass in PKINIT-enabled KDC

MIT reports:

In MIT krb5 1.12 and later, when the KDC is configured with PKINIT support, an unauthenticated remote attacker can bypass the requires_preauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line dictionary attack against the user's password.


Discovery 2015-05-25
Entry 2015-05-28
krb5
< 1.13.2

krb5-112
< 1.12.3_2

CVE-2015-2694
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8160