81 matches found
Astra Linux - vulnerability in heimdal
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11, and 4.11.x before 4.11.3 have an issue where the S4U MS-SFU Kerberos delegation model includes a feature that allows a subset of clients to be opted out of constrained delegation in either S4U2Self or regular Kerberos authentication...
EUVD-2016-4173
Malware in sbrugna...
EUVD-2017-2995
Malware in sbrugna...
EUVD-2024-27644
Malicious code in bioql PyPI...
CVE-2024-2698
A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service...
UBUNTU-CVE-2024-2698
A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service...
CVE-2024-2698 Freeipa: delegation rules allow a proxy service to impersonate any user to access another target service
A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service...
CVE-2024-2698
CVE-2024-2698: In FreeIPA, initial MS-SFU handling with MIT Kerberos could grant forwardable on S4U2Self due to a missing condition. Upstream changes required a special case for check_allowed_to_delegate() when the target service arg is NULL (KDC probing general constrained delegation, not a spe...
SUSE CVE-2016-3120
The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service NU...
CLSA-2023-1675372649 Fix CVE(s): CVE-2018-20217
SECURITY UPDATE: Possible KDC crash processing malformed S4U2Self request - debian/patches/CVE-2018-20217.patch: ignore password attributes for S4U2Self requests - CVE-2018-20217...
Kerberos TGT/TGS Ticket Requester
This module requests TGT/TGS Kerberos tickets from the KDC. Module Options: msf > use auxiliary/admin/kerberos/get_ticket; msf auxiliary(get_ticket) > show actions; ...actions...; msf auxiliary(get_ticket) > set ACTION; msf auxiliary(get_ticket) > show options; ...show and set options...; msf auxiliary(get_ticket) > run. This...
Kerberos Silver/Golden/Diamond/Sapphire Ticket Forging
This module forges a Kerberos ticket. Four different techniques can be used: - Silver ticket: Using a service account hash, craft a ticket impersonating any user and privileges to that account. - Golden ticket: Using the krbtgt hash, craft a ticket impersonating any user and privileges. - Diamond...
USN-5828-1: Kerberos vulnerabilities
It was discovered that Kerberos incorrectly handled certain S4U2Self requests. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. CVE-2018-20217 Greg Hudson discovered that Kerberos PAC implementation...
USN-5675-1: Heimdal vulnerabilities
Isaac Boukris and Andrew Bartlett discovered that Heimdal's KDC was not properly performing checksum algorithm verifications in the S4U2Self extension module. An attacker could possibly use this issue to perform a machine-in-the-middle attack and request S4U2Self tickets for any user known by the...
USN-5675-1 heimdal vulnerabilities
Isaac Boukris and Andrew Bartlett discovered that Heimdal's KDC was not properly performing checksum algorithm verifications in the S4U2Self extension module. An attacker could possibly use this issue to perform a machine-in-the-middle attack and request S4U2Self tickets for any user known by the...
Exploit for CVE-2021-42278
About Exploiting CVE-2021-42278 and CVE-2021-42287 to impers...
[SECURITY] [DLA 2771-1] krb5 security update
Debian LTS Advisory DLA-2771-1 https://www.debian.org/lts/security/ Adrian Bunk September 30, 2021 https://wiki.debian.org/LTS ...