SUSE CVE-2019-12098

In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5initcredsstep in lib/krb5/initcredspw.c...

PT-2019-4948 · Heimdal +3 · Heimdal +3

Name of the Vulnerable Software and Affected Versions: Heimdal versions prior to 7.6.0 Description: The issue is related to the implementation of the Kerberos protocol in Heimdal, specifically with errors in cryptographic key management. This allows a remote attacker to perform a man-in-the-middl...