Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
In _krb5_extract_ticket() the KDC-REP service name must be obtained from encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unecrypted version provides an opportunity for successful server impersonation and other attacks. Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams. Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c
- Loading branch information