2 matches found
CVE-2016-1000238
The CVE-2016-1000238 entry is linked to node-krb5 SPOOFING via unvalidated KDC. Affected: node-krb5 (Node.js module). Issue: KDC is not validated before authentication, allowing a network-attacker with time and access to spoof the KDC and impersonate a valid user without credentials. Impact: pote...
lets-chat-kerberos (>=0.2.0 <=0.4.1), passport-assistant-kerberos (=0.0.1) +1 more potentially affected by CVE-2016-1000238 via node-krb5 (=0.0.6)
node-krb5 NPM version =0.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on node-krb5 and may be impacted: - lets-chat-kerberos =0.2.0, =0.4.1 - passport-assistant-kerberos =0.0.1 - passport-kerberos =0.0.1 Source cves: CVE-2016-1000238 Source advisor...