FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-22 18:21:47 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
406636fe-055d-11e5-aab1-d050996490d0	krb5 -- requires_preauth bypass in PKINIT-enabled KDC MIT reports: In MIT krb5 1.12 and later, when the KDC is configured with PKINIT support, an unauthenticated remote attacker can bypass the requires_preauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line dictionary attack against the user's password. Discovery 2015-05-25 Entry 2015-05-28 krb5 < 1.13.2 krb5-112 < 1.12.3_2 CVE-2015-2694 http://krbdev.mit.edu/rt/Ticket/Display.html?id=8160

VuXML ID

Description

406636fe-055d-11e5-aab1-d050996490d0

krb5 -- requires_preauth bypass in PKINIT-enabled KDC

MIT reports:

In MIT krb5 1.12 and later, when the KDC is configured with PKINIT support, an unauthenticated remote attacker can bypass the requires_preauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line dictionary attack against the user's password.

Discovery 2015-05-25
Entry 2015-05-28
krb5

< 1.13.2

krb5-112

< 1.12.3_2

CVE-2015-2694
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8160