krb5 -- requires_preauth bypass in PKINIT-enabled KDC

ID 406636FE-055D-11E5-AAB1-D050996490D0
Type freebsd
Reporter FreeBSD
Modified 2015-05-25T00:00:00


MIT reports:

In MIT krb5 1.12 and later, when the KDC is configured with PKINIT support, an unauthenticated remote attacker can bypass the requires_preauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line dictionary attack against the user's password.