Pam_krb5 2.2.14 through 2.3.4 generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames . This update provides the version 2.3.5 of pam_krb5, which is not vulnerable to this issue.