Lucene search
K

76 matches found

Rapid7 Blog
Rapid7 Blog
added 2026/06/13 12:22 a.m.18 views

Weekly Metasploit Update: New Kerberos/Certificate tracing options, and multiple new modules

New Tracing Options As hard as we try to ensure that Metasploit is bug free, issues inevitably come up. Whether you’re running a module on an op or writing a new one, what we can do is make the debugging experience easier. To that end one of our two Google Summer of Code GSoC projects is here to...

6AI score
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Samba

Kerberos acceptors need easy access to stable AD identifiers e.g., objectSid. Samba, as an AD DC, now provides a way for Linux applications to obtain a reliable SID and samAccountName from the issued tickets...

8.8CVSS6.9AI score0.01984EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Samba

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on November 8, 2022, and according to RFC8429, it is assumed that RC4-HMAC is weak. Vulnerable Samba Active Directory Domain Controllers will issue RC4-HMAC encrypted tickets, even though the targe...

9.8CVSS6.8AI score0.00454EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/04/26 8:3 a.m.5 views

rxrpc: reject undecryptable rxkad response tickets

...

9.8CVSS5.8AI score0.00514EPSS
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/04/17 2:51 p.m.9 views

Containing a domain compromise: How predictive shielding shut down lateral movement

In this article 1. Predictive shielding overview 2. Attack chain overview 3. How predictive shielding changed the outcome 4. MITRE ATT&CK® techniques observed 5. Learn more In identity-based attack campaigns, any initial access activity can turn an already serious intrusion into a critical incide...

6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001250)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001250 advisory. In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the...

7.8CVSS6.9AI score0.0047EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.4 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002903)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002903 advisory. In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the...

7.8CVSS6.9AI score0.0047EPSS
Exploits0References11
OSV
OSV
added 2025/10/21 9:35 p.m.8 views

CLSA-2025-1761082525 Fix CVE(s): CVE-2022-45141

SECURITY UPDATE: AD DC can be forced to issue rc4-hmac Kerberos tickets - debian/patches/CVE-2022-45141.patch: fix session key selection algorithm for selecting the ticket in strongest-to-weakest order, thus allowing the target server to select better encryption - CVE-2022-45141...

9.8CVSS5.8AI score0.00454EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/06/20 11:35 p.m.5 views

SUSE CVE-2025-4404

A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the krbCanonicalName for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a...

9.1CVSS9.1AI score0.01827EPSS
Exploits1References5
OSV
OSV
added 2025/06/19 10:33 a.m.5 views

USN-7582-1 samba vulnerabilities

Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. CVE-2022-3437 Greg Hudson discovered that Samba incorrectly handled PAC parsing. On...

9.8CVSS7AI score0.62015EPSS
Exploits1References5
Ubuntu
Ubuntu
added 2025/06/19 10:33 a.m.4 views

USN-7582-1: Samba vulnerabilities

Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. CVE-2022-3437 Greg Hudson discovered that Samba incorrectly handled PAC parsing. On...

9.8CVSS7.4AI score0.62015EPSS
Exploits1
OSV
OSV
added 2025/06/17 2:15 p.m.5 views

UBUNTU-CVE-2025-4404

A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the krbCanonicalName for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a...

9.1CVSS5.7AI score0.01827EPSS
Exploits1References15
SUSE CVE
SUSE CVE
added 2025/01/25 3:46 a.m.4 views

SUSE CVE-2025-24034

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially...

3.2CVSS7AI score0.00195EPSS
Exploits0References3
NVD
NVD
added 2025/01/23 6:15 p.m.13 views

CVE-2025-24034

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially...

3.2CVSS0.00195EPSS
Exploits0References6
CVE
CVE
added 2025/01/23 5:38 p.m.59 views

CVE-2025-24034

CVE-2025-24034 (Himmelblau) affects Himmelblau, an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.7.0 and older than 0.7.15 and older than 0.8.3, debug logging can leak credentials: user access tokens and Kerberos TGTs may be written to logs when debug is enabled. A...

3.2CVSS3.9AI score0.00195EPSS
Exploits0References6
OSV
OSV
added 2025/01/23 5:38 p.m.5 views

CVE-2025-24034 Himmelblau leaks credentials in the debug log

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially...

3.2CVSS6.9AI score0.00195EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/01/23 12:0 a.m.4 views

PT-2025-5270 · Microsoft · Intune +1

Name of the Vulnerable Software and Affected Versions: Himmelblau versions 0.7.0 through 0.7.14 Himmelblau versions 0.8.0 through 0.8.2 Description: Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debug logging is enabled, user access tokens are inadvertently...

3.2CVSS7AI score0.00195EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2024/06/16 4:1 a.m.5 views

SUSE CVE-2024-3183

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client's session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user...

8.1CVSS7.8AI score0.02053EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2024/06/10 3:8 p.m.5 views

freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user...

8.1CVSS5.8AI score0.02053EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/06/10 2:36 p.m.8 views

freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user...

8.1CVSS5.8AI score0.02053EPSS
Exploits1References5
Rows per page
Query Builder