FreeBSD -- heimdal KDC-REP service name validation vulnerability
A programming error in the Heimdal implementation causes it
to use the unauthenticated, plain-text version of the
KDC-REP service name found in a ticket.
An attacker who has control of the network between a
client and the service it talks to will be able to impersonate
the service, allowing a successful man-in-the-middle (MITM)
attack that circumvents the mutual authentication.
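
The difference between the flawed and the corrected check, as an added example (not Heimdal's code). The types and function names are hypothetical, and the reply is modeled as two already-parsed copies of the service name: the cleartext one carried with the ticket and the one from the encrypted part of the KDC-REP (EncKDCRepPart in RFC 4120).

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified, hypothetical model of a KDC-REP (not Heimdal's real types). */
struct principal { const char *realm; const char *name; };

struct kdc_rep {
    struct principal ticket_sname; /* cleartext copy sent with the ticket: unauthenticated */
    struct principal enc_sname;    /* sname/srealm from the decrypted EncKDCRepPart */
};

static bool principal_eq(const struct principal *a, const struct principal *b)
{
    return strcmp(a->realm, b->realm) == 0 && strcmp(a->name, b->name) == 0;
}

/* Flawed check: relies on a field that is not protected by the reply key. */
bool check_sname_plaintext(const struct kdc_rep *rep, const struct principal *want)
{
    return principal_eq(&rep->ticket_sname, want);
}

/* Corrected check: compares the request against the authenticated copy. */
bool check_sname_authenticated(const struct kdc_rep *rep, const struct principal *want)
{
    return principal_eq(&rep->enc_sname, want);
}

/* Constructed sample data. */
static const struct principal requested = { "EXAMPLE.ORG", "host/files.example.org" };
static const struct kdc_rep consistent = {   /* both copies agree with the request */
    { "EXAMPLE.ORG", "host/files.example.org" },
    { "EXAMPLE.ORG", "host/files.example.org" },
};
static const struct kdc_rep mismatched = {   /* cleartext copy disagrees with the encrypted one */
    { "EXAMPLE.ORG", "host/files.example.org" },
    { "EXAMPLE.ORG", "host/other.example.org" },
};

int main(void)
{
    printf("consistent: plaintext=%d authenticated=%d\n",
           check_sname_plaintext(&consistent, &requested),
           check_sname_authenticated(&consistent, &requested));
    printf("mismatched: plaintext=%d authenticated=%d\n",
           check_sname_plaintext(&mismatched, &requested),
           check_sname_authenticated(&mismatched, &requested));
    return 0;
}
```

Only the comparison against the decrypted copy rejects the mismatched reply, which is the property mutual authentication depends on.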
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright