FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-kerberos -- DoS and MitM vulnerabilities

Affected packages
py310-kerberos <= 1.3.1
py311-kerberos <= 1.3.1
py37-kerberos <= 1.3.1
py38-kerberos <= 1.3.1
py39-kerberos <= 1.3.1


VuXML ID 2acdf364-9f8d-4aaf-8d1b-867fdfd771c6
Discovery 2017-08-25
Entry 2023-04-10

macosforgebot reports:

The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack.


CVE Name CVE-2015-3206