Required CVE Record Information
Description
The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response) or have other unspecified impact by performing a man-in-the-middle attack.
References 5 Total
- openwall.com: [oss-security] 20150521 CVE-2015-3206 python-kerberos: checkPassword() does not verify KDC authenticity mailing-list
- https://bugzilla.redhat.com/show_bug.cgi?id=1223802
- https://pypi.python.org/pypi/kerberos
- securityfocus.com: 74760 vdb-entry
- https://github.com/apple/ccs-pykerberos/issues/31