PYSEC-2017-49

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/kerberos/PYSEC-2017-49.yaml
Aliases
Published
2017-08-25T18:29:00Z
Modified
2024-02-23T21:13:18.674606Z
Details

The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack.

References

Affected packages

PyPI / kerberos

Package

Name
kerberos

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.0

Affected versions

1.*

1.1.1
1.1.2
1.2.0
1.2.2
1.2.3
1.2.4
1.2.5
1.3.0
1.3.1