CVE-2019-12098
published 2019-05-15
High 7.4 (CVSS 3.1)
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | heimdal | < heimdal 7.5.0+dfsg-3 (bookworm) | heimdal 7.5.0+dfsg-3 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| heimdal_project | heimdal | < 7.6.0 | 7.6.0 |
| heimdal_project | heimdal | >= 0 < 7.5.0+dfsg-3 | 7.5.0+dfsg-3 |
| heimdal_project | heimdal | >= 0 < 7.5.0+dfsg-3 | 7.5.0+dfsg-3 |
| heimdal_project | heimdal | >= 0 < 7.5.0+dfsg-3 | 7.5.0+dfsg-3 |
| heimdal_project | heimdal | >= 0 < 7.5.0+dfsg-3 | 7.5.0+dfsg-3 |
| heimdal_project | heimdal | >= 0 < 7.5.0+dfsg-1ubuntu0.1 | 7.5.0+dfsg-1ubuntu0.1 |
| heimdal_project | heimdal | >= 0 < 7.7.0+dfsg-1ubuntu1.1 | 7.7.0+dfsg-1ubuntu1.1 |
| heimdal_project | heimdal | >= 0 < 1.6~git20131207+dfsg-1ubuntu1.2+esm1 | 1.6~git20131207+dfsg-1ubuntu1.2+esm1 |
| heimdal_project | heimdal | >= 0 < 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 | 1.7~git20150920+dfsg-4ubuntu1.16.04.1+esm1 |
| opensuse | backports_sle | — | — |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
CVSS provenance
nvd: v3.1, 7.4 HIGH, CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
osv: 7.5 HIGH