Lucene search
K

8 matches found

Tenable Nessus
Tenable Nessus
added 2023/08/31 12:0 a.m.17 views

FreeBSD : FreeBSD -- Network authentication attack via pam_krb5 (9b0d9832-47c1-11ee-8e38-002590c1f29c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9b0d9832-47c1-11ee-8e38-002590c1f29c advisory. - pamkrb5 authenticates a user by essentially running kinit with the password, getting a ticket-grantin...

9.8CVSS8.3AI score0.01098EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/08/31 12:0 a.m.22 views

FreeBSD : FreeBSD -- Network authentication attack via pam_krb5 (41af0277-47bf-11ee-8e38-002590c1f29c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 41af0277-47bf-11ee-8e38-002590c1f29c advisory. - pamkrb5 authenticates a user by essentially running kinit with the password, getting a ticket-grantin...

9.8CVSS8.3AI score0.01098EPSS
Exploits0References2
FreeBSD Advisory
FreeBSD Advisory
added 2023/08/01 12:0 a.m.12 views

FreeBSD-SA-23:09.pam_krb5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-23:09.pamkrb5 Security Advisory The FreeBSD Project Topic: Network authentication attack via pamkrb5 Category: core Module: pamkrb5 Announced: 2023-08-01...

9.8CVSS7.2AI score0.01098EPSS
Exploits0
NVD
NVD
added 2023/06/22 5:15 p.m.16 views

CVE-2023-3326

pamkrb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket tgt from the Kerberos KDC Key Distribution Center over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pamkrb5 has no way to validate...

9.8CVSS9.7AI score0.01098EPSS
Exploits0References3
OSV
OSV
added 2023/06/22 5:15 p.m.16 views

CVE-2023-3326

pamkrb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket tgt from the Kerberos KDC Key Distribution Center over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pamkrb5 has no way to validate...

9.8CVSS6.6AI score
Exploits0References3
Debian CVE
Debian CVE
added 2023/06/22 4:37 p.m.40 views

CVE-2023-3326

pamkrb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket tgt from the Kerberos KDC Key Distribution Center over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pamkrb5 has no way to validate...

9.8CVSS9.7AI score0.01098EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/06/22 4:37 p.m.21 views

CVE-2023-3326 Network authentication attack via pam_krb5

pamkrb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket tgt from the Kerberos KDC Key Distribution Center over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pamkrb5 has no way to validate...

7.1AI score0.01098EPSS
Exploits0References3
CVE
CVE
added 2023/06/22 4:37 p.m.116 views

CVE-2023-3326

CVE-2023-3326 affects pam_krb5 in FreeBSD deployments where a keytab is not provisioned. The module authenticates by requesting a Kerberos TGT from KDC using the user password, but without a keytab there is no way to validate the KDC’s response, allowing an attacker who can control both the passw...

9.8CVSS9.6AI score0.01098EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder