Download
| Alert*
|
oval:org.secpod.oval:def:704771
heimdal-dev is installed oval:org.secpod.oval:def:1901231 The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets. oval:org.secpod.oval:def:1901981 In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c. oval:org.secpod.oval:def:89345 Helmut Grohne discovered a flaw in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos. The backports of fixes for CVE-2022-3437 accidentally inverted important memory comparisons in the arcfour-hmac-md5 and rc4-hmac integrity check handlers for gssapi, resulting in ... oval:org.secpod.oval:def:88653 heimdal: Heimdal Kerberos Network Authentication Protocol Several security issues were fixed in Heimdal. oval:org.secpod.oval:def:610403 Helmut Grohne discovered a flaw in Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos. The backports of fixes for CVE-2022-3437 accidentally inverted important memory comparisons in the arcfour-hmac-md5 and rc4-hmac integrity check handlers for gssapi, resulting in ... oval:org.secpod.oval:def:707883 heimdal: Heimdal Kerberos Network Authentication Protocol Several security issues were fixed in Heimdal. |
