FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-kerberos -- DoS and MitM vulnerabilities

Affected packages
py310-kerberos <= 1.3.1
py311-kerberos <= 1.3.1
py37-kerberos <= 1.3.1
py38-kerberos <= 1.3.1
py39-kerberos <= 1.3.1

Details

VuXML ID 2acdf364-9f8d-4aaf-8d1b-867fdfd771c6
Discovery 2017-08-25
Entry 2023-04-10

macosforgebot reports:

The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack.

[source]

References

CVE Name CVE-2015-3206
URL https://osv.dev/vulnerability/PYSEC-2017-49

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.