krb5 -- requires_preauth bypass in PKINIT-enabled KDC
In MIT krb5 1.12 and later, when the KDC is configured
with PKINIT support, an unauthenticated remote attacker
can bypass the requires_preauth flag on a client principal
and obtain a ciphertext encrypted in the principal's
long-term key. This ciphertext could be used to conduct
an off-line dictionary attack against the user's password.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright