CVE-2015-2694
Published: 2015-05-25
Priority: P337, medium
CVSS 2.0: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
EPSS: 2.84% (84.9th percentile)
The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.12.1+dfsg-20 (bookworm) | krb5 1.12.1+dfsg-20 (bookworm) |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.12.1+dfsg-20 | 1.12.1+dfsg-20 |
| mit | krb5 | >= 0 < 1.12.1+dfsg-20 | 1.12.1+dfsg-20 |
| mit | krb5 | >= 0 < 1.12.1+dfsg-20 | 1.12.1+dfsg-20 |
| mit | krb5 | >= 0 < 1.12.1+dfsg-20 | 1.12.1+dfsg-20 |
| mit | krb5 | >= 0 < 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.2 |
CVSS provenance
nvd: v2.0, 5.8 MEDIUM, AV:N/AC:M/Au:N/C:P/I:P/A:N
osv: 5.8 MEDIUM
vendor_debian: 5.8 MEDIUM
vendor_redhat: 5.8 MEDIUM
vendor_ubuntu: 5.0 MEDIUM
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2015-11-12·CVSS 5.0
CVE-2002-2443 [MEDIUM] Kerberos vulnerabilities
Summary: Several security issues were fixed in Kerberos.
It was discovered that the Kerberos kpasswd service incorrectly handled
certain UDP packets. A remote attacker could possibly use this issue to
cause resource consumption, resulting in a denial of service. This issue
only affected Ubuntu 12.04 LTS. (CVE-2002-2443)
It was discovered that Kerberos incorrectly handled null bytes in certain
data fields. A remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu
14.04 LTS. (CVE-2014-5355)
It was discovered that the Kerberos kdcpreauth modules incorrectly tracked
certain client requests. A remote attacker could possibly use this issue
to bypass intended preauthentication requirements
Red Hat
krb5: issues in OTP and PKINIT kdcpreauth modules leading to requires_preauth bypass
vendor_redhat·2015-04-27·CVSS 5.8
CVE-2015-2694 [MEDIUM] krb5: issues in OTP and PKINIT kdcpreauth modules leading to requires_preauth bypass
The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
A flaw was found in the OTP kdcpreauth module of MIT Kerberos. A remote attacker could use this flaw to bypass the requires_preauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line dictionary attack against the user's password.
Sta
Debian
CVE-2015-2694: krb5 - The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.1...
vendor_debian·2015·CVSS 5.8
CVE-2015-2694 [MEDIUM] CVE-2015-2694: krb5 - The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.1...
The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
Scope: local
bookworm: resolved (fixed in 1.12.1+dfsg-20)
bullseye: resolved (fixed in 1.12.1+dfsg-20)
forky: resolved (fixed in 1.12.1+dfsg-20)
sid: resolved (fixed in 1.12.1+dfsg-20)
trixie: resolved (fixed in 1.12.1+dfsg-20)
GHSA
GHSA-6h2g-5cjr-jj97: The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1
ghsa_unreviewed·2022-05-13
CVE-2015-2694 [MEDIUM] GHSA-6h2g-5cjr-jj97: The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1
The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
OSV
krb5 vulnerabilities
osv·2015-11-12·CVSS 5.0
CVE-2002-2443 [MEDIUM] krb5 vulnerabilities
It was discovered that the Kerberos kpasswd service incorrectly handled
certain UDP packets. A remote attacker could possibly use this issue to
cause resource consumption, resulting in a denial of service. This issue
only affected Ubuntu 12.04 LTS. (CVE-2002-2443)
It was discovered that Kerberos incorrectly handled null bytes in certain
data fields. A remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu
14.04 LTS. (CVE-2014-5355)
It was discovered that the Kerberos kdcpreauth modules incorrectly tracked
certain client requests. A remote attacker could possibly use this issue
to bypass intended preauthentication requirements. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-20
OSV
CVE-2015-2694: The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1
osv·2015-05-25·CVSS 5.8
CVE-2015-2694 [MEDIUM] CVE-2015-2694: The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1
The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-2694 krb5: issues in OTP and PKINIT kdcpreauth modules leading to requires_preauth bypass
bugzilla·2015-04-28·CVSS 5.8
CVE-2015-2694 [MEDIUM] CVE-2015-2694 krb5: issues in OTP and PKINIT kdcpreauth modules leading to requires_preauth bypass
The following flaw was found in MIT Kerberos:
In the OTP kdcpreauth module, the TKT_FLG_PRE_AUTH bit was set before the request was successfully verified. In the PKINIT kdcpreauth module, code 0 was returned on empty input or an unconfigured realm. Together, these bugs could cause the KDC preauth framework to erroneously treat a request as pre-authenticated.
In MIT krb5 1.12 and later, when the KDC is configured with PKINIT support, an unauthenticated remote attacker can bypass the requires_preauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line dictionary attack against the user's password.
Bugzilla
CVE-2015-2694 krb5: issues in OTP and PKINIT kdcpreauth modules leading to requires_preauth bypass [fedora-21]
bugzilla·2015-04-28·CVSS 5.8
CVE-2015-2694 [MEDIUM] CVE-2015-2694 krb5: issues in OTP and PKINIT kdcpreauth modules leading to requires_preauth bypass [fedora-21]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
fedora-21 tracking bug
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8160
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/74824
http://www.ubuntu.com/usn/USN-2810-1
https://github.com/krb5/krb5/commit/e3b5a5e5267818c97750b266df50b6a3d4649604