Heimdal man-in-the-middle attack vulnerability
Heimdal is a Kerberos 5 implementation. A security vulnerability in the krb5initcredsstep file in lib/krb5/initcredspw.c in versions of Heimdal prior to 7.6.0 stems from the program failing to validate a change to the PA-PKINIT-KX key when an anonymous PKINIT is used. An attacker could exploit th...