-
Notifications
You must be signed in to change notification settings - Fork 53
/
PYSEC-2017-49.yaml
39 lines (39 loc) · 995 Bytes
/
PYSEC-2017-49.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
id: PYSEC-2017-49
details: The checkPassword function in python-kerberos does not authenticate the KDC
it attempts to communicate with, which allows remote attackers to cause a denial
of service (bad response), or have other unspecified impact by performing a man-in-the-middle
attack.
affected:
- package:
name: kerberos
ecosystem: PyPI
purl: pkg:pypi/kerberos
ranges:
- type: ECOSYSTEM
events:
- introduced: "0.0"
versions:
- 1.1.1
- 1.1.2
- 1.2.0
- 1.2.2
- 1.2.3
- 1.2.4
- 1.2.5
- 1.3.0
- 1.3.1
references:
- type: WEB
url: https://pypi.python.org/pypi/kerberos
- type: REPORT
url: https://github.com/apple/ccs-pykerberos/issues/31
- type: REPORT
url: https://bugzilla.redhat.com/show_bug.cgi?id=1223802
- type: WEB
url: http://www.securityfocus.com/bid/74760
- type: WEB
url: http://www.openwall.com/lists/oss-security/2015/05/21/3
aliases:
- CVE-2015-3206
modified: "2021-07-25T23:34:38.763837Z"
published: "2017-08-25T18:29:00Z"