CVE-2019-12098: Project Heimdal vulnerability

12 documents, 8 sources

Severity: 7.4 HIGH (NVD)
EPSS: 2.8% (top 13.80%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 15; Latest update Apr 16

Description

In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.2 | Impact: 5.2

Affected Packages (4 packages)

Debian: heimdal_project/heimdal < 7.5.0+dfsg-3 +3
NVD: opensuse/leap 15.0, 15.1, 42.3 +2

Also affects: Debian Linux 9.0, Fedora 30, 31

Patches

🔴 Vulnerability Details (5)

VulDB: Heimdal 7.6.0 lib/krb5/init_creds_pw.c key management (ID 176913) (2026-04-16)
OSV: heimdal vulnerabilities (2022-10-13)
GHSA: GHSA-pfc3-2w85-9453: In the client side of Heimdal before 7 (2022-05-24)
OSV: CVE-2019-12098: In the client side of Heimdal before 7 (2019-05-15)
CVEList: CVE-2019-12098: In the client side of Heimdal before 7 (2019-05-15)

📋 Vendor Advisories (2)

Ubuntu: Heimdal vulnerabilities (2022-10-13)
Debian: CVE-2019-12098: heimdal - In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT P... (2019)

💬 Community (4)

Bugzilla: CVE-2019-12098 heimdall: heimdal: man-in-the-middle attack in function krb5_init_creds_step in lib/krb5/init_creds_pw.c [fedora-all] (2019-05-16)
Bugzilla: CVE-2019-12098 heimdal: man-in-the-middle attack in function krb5_init_creds_step in lib/krb5/init_creds_pw.c (2019-05-16)
Bugzilla: CVE-2019-12098 heimdal: man-in-the-middle attack in function krb5_init_creds_step in lib/krb5/init_creds_pw.c [fedora-all] (2019-05-16)
Bugzilla: CVE-2019-12098 heimdal: man-in-the-middle attack in function krb5_init_creds_step in lib/krb5/init_creds_pw.c [epel-all] (2019-05-16)