2 matches found
GHSA-4V9Q-HM2P-68C4 Spoofing attack due to unvalidated KDC in node-krb5
Affected versions of node-krb5 do not validate the KDC prior to authenticating, which might allow an attacker with network access and enough time to spoof the KDC and impersonate a valid user without knowing their credentials. Recommendation: It appears that this will remain unfixed indefinitely, ...
Spoofing attack due to unvalidated KDC in node-krb5
Affected versions of node-krb5 do not validate the KDC prior to authenticating, which might allow an attacker with network access and enough time to spoof the KDC and impersonate a valid user without knowing their credentials. Recommendation: It appears that this will remain unfixed indefinitely, ...