CVE-2017-7562
published 2018-07-26CVE-2017-7562: An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker…
PriorityP342medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
EPSS
3.30%
87.0th percentile
An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | — | — |
| mit | kerberos_5 | >= 1.0 < 1.16.1 | 1.16.1 |
| mit | krb5 | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:P/A:N
vendor_debian6.5LOW
vendor_redhat6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-vg8p-42hp-9g25: An authentication bypass flaw was found in the way krb5's certauth interface before 1
ghsa_unreviewed·2022-05-13
CVE-2017-7562 [MEDIUM] CWE-287 GHSA-vg8p-42hp-9g25: An authentication bypass flaw was found in the way krb5's certauth interface before 1
An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.
Red Hat
krb5: Authentication bypass by improper validation of certificate EKU and SAN
vendor_redhat·2017-08-25·CVSS 6.5
CVE-2017-7562 [MEDIUM] CWE-295 krb5: Authentication bypass by improper validation of certificate EKU and SAN
krb5: Authentication bypass by improper validation of certificate EKU and SAN
An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.
An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.
Package: krb5 (Red Hat Enterprise Linux 5) - Not affected
Package: krb5 (Red Hat Enterprise Linux 6) - Not affected
Package: krb5 (Red Ha
Debian
CVE-2017-7562: krb5 - An authentication bypass flaw was found in the way krb5's certauth interface bef...
vendor_debian·2017·CVSS 6.5
CVE-2017-7562 [MEDIUM] CVE-2017-7562: krb5 - An authentication bypass flaw was found in the way krb5's certauth interface bef...
An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
http://www.securityfocus.com/bid/100511https://access.redhat.com/errata/RHSA-2018:0666https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7562https://github.com/krb5/krb5/pull/694https://github.com/krb5/krb5/pull/694/commits/1de6ca2f2eb1fdbab51f1549a25a6903aefcc196https://github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8378db2https://github.com/krb5/krb5/pull/694/commits/b7af544e50a4d8291524f590e20dd44430bf627dhttp://www.securityfocus.com/bid/100511https://access.redhat.com/errata/RHSA-2018:0666https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7562https://github.com/krb5/krb5/pull/694https://github.com/krb5/krb5/pull/694/commits/1de6ca2f2eb1fdbab51f1549a25a6903aefcc196https://github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8378db2https://github.com/krb5/krb5/pull/694/commits/b7af544e50a4d8291524f590e20dd44430bf627d
2018-07-26
Published