Vulnerability in Mit Kerberos_5

CVE-2015-2694

The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by p…

EPSS: 0.009 (75.9th percentile) — read the EPSS interpretation.

Affected products

Mit Kerberos_5 — versions 1.12, 1.12.1, 1.12.2
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM)
74824 (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
USN-2810-1 (x_refsource_UBUNTU, vendor-advisory)