|ID||CVSS||Summary||Last (major) update||Published|
In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.
|15-05-2019 - 19:29||15-05-2019 - 19:29|
In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading
|06-12-2017 - 10:29||06-12-2017 - 10:29|