Preauthentication Bypass in MIT Kerberos 5 Affects Multiple Versions
CVE-2015-2694
Currently unrated
What is CVE-2015-2694?
The kdcpreauth modules in MIT Kerberos 5 prior to version 1.13.2 contain a flaw in request validation. The vulnerability lets adversaries bypass preauthentication requirements by providing either zero bytes of data or an arbitrary realm name. The affected code resides in the plugins for the OTP and PKINIT mechanisms, potentially allowing unauthorized access to sensitive services.
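The two inputs named above (empty preauthentication data and an arbitrary realm) can be modeled as a verifier that reports success when it had nothing to check, shown next to a fail-closed form. This is an added, simplified model and not MIT krb5 source: the struct, function names, realm `EXAMPLE.TEST` and the stand-in credential check are all hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not MIT krb5 code. Every name here is hypothetical. */
typedef struct {
    const char *data;   /* preauth payload carried in the request */
    size_t len;         /* payload length in bytes */
    const char *realm;  /* realm named in the request */
} preauth_req;

enum { PREAUTH_OK = 0, PREAUTH_FAILED = 1 };

/* Constructed: a single configured realm. */
static int realm_configured(const char *realm)
{
    return realm != NULL && strcmp(realm, "EXAMPLE.TEST") == 0;
}

/* Constructed stand-in for the real OTP/PKINIT validation step. */
static int credential_valid(const preauth_req *r)
{
    return r->len == 4 && memcmp(r->data, "good", 4) == 0;
}

/* Fail-open: "nothing to validate" is reported the same as "validated". */
int verify_fail_open(const preauth_req *r)
{
    if (r->data == NULL || r->len == 0) return PREAUTH_OK;
    if (!realm_configured(r->realm)) return PREAUTH_OK;
    return credential_valid(r) ? PREAUTH_OK : PREAUTH_FAILED;
}

/* Fail-closed: success is returned only after validation actually ran. */
int verify_fail_closed(const preauth_req *r)
{
    if (r->data == NULL || r->len == 0) return PREAUTH_FAILED;
    if (!realm_configured(r->realm)) return PREAUTH_FAILED;
    return credential_valid(r) ? PREAUTH_OK : PREAUTH_FAILED;
}

int main(void)
{
    preauth_req empty = { NULL, 0, "EXAMPLE.TEST" };
    printf("empty data: fail-open=%d fail-closed=%d\n",
           verify_fail_open(&empty), verify_fail_closed(&empty));
    return 0;
}
```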
