Lucene search

Veracode Vulnerability DatabaseVERACODE:6473

HistoryJun 01, 2018 - 10:25 a.m.

Authentication Bypass

2018-06-0110:25:51

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.002 Low

EPSS

Percentile

58.8%

JSON

libkrb5.so is vulnerable to authentication bypasses. A malicious user can pass a forged krb cert with the right EKU when no SANs is used as no relationship is established between a user and the certificate.

CPENameOperatorVersion
libkrb5.sole26.0.0-7.7.0-6.epel8.playground.x86_64.debug
libkrb5.sole26.0.0-7.7.0-6.epel8.playground.x86_64.debug

CPE	Name	Operator	Version
	libkrb5.so	le	26.0.0-7.7.0-6.epel8.playground.x86_64.debug
	libkrb5.so	le	26.0.0-7.7.0-6.epel8.playground.x86_64.debug

References

www.securityfocus.com/bid/100511

access.redhat.com/errata/RHSA-2018:0666

access.redhat.com/security/cve/CVE-2017-7562

bugzilla.redhat.com/show_bug.cgi?id=1485510

bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7562

github.com/krb5/krb5/commit/07243f85a760fb37f0622d7ff0177db3f19ab025

github.com/krb5/krb5/pull/694

github.com/krb5/krb5/pull/694/commits/1de6ca2f2eb1fdbab51f1549a25a6903aefcc196

github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8378db2

github.com/krb5/krb5/pull/694/commits/b7af544e50a4d8291524f590e20dd44430bf627d

0.002 Low

EPSS

Percentile

58.8%

JSON

Related for VERACODE:6473