Date: Thu, 21 May 2015 15:29:23 +0200
From: Martin Prpic <>
To: "OSS Security Mailinglist" <>
Subject:  CVE-2015-3206 python-kerberos: checkPassword() does not verify KDC authenticity


Red Hat has assigned CVE-2015-3206 to the following issue:
"The python-kerberos checkPassword() does not verify that it actually spoke
to a trusted KDC"

Upstream has not fixed it, but rather documented the insecurity of the
checkPassword() function. We feel that this is not a proper solution
given the fact that the pykerberos fork of this library did fix this
issue by adding KDC validation:

Red Hat bug:

Martin Prpič / Red Hat Product Security
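To make the weakness concrete, here is an added model of the two password-check patterns; it is illustrative code written for this page, not code from python-kerberos, pykerberos or Red Hat. It assumes a toy Kerberos in which a service ticket "sealed under the service key" is modelled as an HMAC, the string-to-key function is PBKDF2, and KDC discovery is modelled by handing the check a KDC object (a real client would find the KDC through DNS SRV records or krb5.conf, which is where an attacker substitutes a rogue KDC). All names (Kdc, RogueKdc, check_password_unverified, check_password_verified, the realm and principals) are constructed for the example. The first pattern treats "the KDC issued a TGT" as proof that the password is right; the second additionally asks for a ticket to the application's own service principal and checks it against the host keytab, which a rogue KDC cannot satisfy because it does not hold that key.

```python
"""Model of the CVE-2015-3206 weakness: verifying a password with an AS
exchange alone vs. additionally validating the KDC with the host's keytab.

Illustrative model only (added for this page, not python-kerberos or
pykerberos code): 'encryption' of a service ticket under the service key is
modelled as an HMAC, and KDC discovery is modelled by passing the KDC object.
"""
import hashlib
import hmac
import os


def string_to_key(password: str, principal: str, realm: str) -> bytes:
    """Derive a long-term key from a password, as a Kerberos string-to-key
    function does (PBKDF2 stands in for the real encryption-type profile)."""
    salt = (realm + principal).encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)


class Kdc:
    """An honest KDC: holds the long-term keys of users and services."""

    def __init__(self, realm: str) -> None:
        self.realm = realm
        self.keys = {}  # principal name -> long-term key

    def as_exchange(self, client: str, client_key: bytes):
        """AS-REQ with pre-authentication: returns a TGT only if the key
        derived from the password matches the one the KDC holds."""
        stored = self.keys.get(client)
        if stored is None or not hmac.compare_digest(stored, client_key):
            return None
        return {"client": client, "realm": self.realm}

    def tgs_exchange(self, tgt: dict, service: str):
        """TGS-REQ: issue a ticket for `service` sealed under the service's key."""
        body = f"{tgt['client']}@{tgt['realm']} -> {service}".encode()
        tag = hmac.new(self.keys[service], body, "sha256").digest()
        return body, tag


class RogueKdc(Kdc):
    """Attacker-controlled KDC (reached e.g. by spoofing DNS SRV records).
    It 'authenticates' any password, but holds none of the real service keys."""

    def as_exchange(self, client: str, client_key: bytes):
        return {"client": client, "realm": self.realm}  # accepts everything

    def tgs_exchange(self, tgt: dict, service: str):
        body = f"{tgt['client']}@{tgt['realm']} -> {service}".encode()
        forged_key = os.urandom(32)  # attacker does not have the keytab key
        return body, hmac.new(forged_key, body, "sha256").digest()


def check_password_unverified(kdc: Kdc, user: str, password: str) -> bool:
    """The weak pattern: 'the KDC issued a TGT, so the password is right'."""
    key = string_to_key(password, user, kdc.realm)
    return kdc.as_exchange(user, key) is not None


def check_password_verified(kdc: Kdc, user: str, password: str,
                            service: str, keytab_key: bytes) -> bool:
    """The hardened pattern: after the AS exchange, obtain a ticket for our
    own service principal and verify it with our keytab key. A KDC that does
    not hold the service key cannot produce a ticket that passes this check."""
    key = string_to_key(password, user, kdc.realm)
    tgt = kdc.as_exchange(user, key)
    if tgt is None:
        return False
    body, tag = kdc.tgs_exchange(tgt, service)
    expected = hmac.new(keytab_key, body, "sha256").digest()
    return hmac.compare_digest(tag, expected)


def demo() -> dict:
    """Constructed scenario; returns (unverified, verified) results per case."""
    realm = "EXAMPLE.COM"
    user, password = "alice", "correct horse battery staple"
    service = "HTTP/www.example.com"
    keytab_key = os.urandom(32)  # the key stored in the application host's keytab

    honest = Kdc(realm)
    honest.keys[user] = string_to_key(password, user, realm)
    honest.keys[service] = keytab_key

    rogue = RogueKdc(realm)

    def both(kdc, pw):
        return (check_password_unverified(kdc, user, pw),
                check_password_verified(kdc, user, pw, service, keytab_key))

    return {
        "honest_correct": both(honest, password),
        "honest_wrong": both(honest, "wrong"),
        "rogue_wrong": both(rogue, "wrong"),
    }


if __name__ == "__main__":
    for case, (unverified, verified) in demo().items():
        print(f"{case:15s} unverified={unverified} verified={verified}")
```

The "rogue_wrong" case is the bug: with the AS exchange alone, a wrong password is accepted as soon as an attacker can steer the client to a KDC they control, while the keytab-backed check rejects it. The validated variant only works when the application host has a keytab for its service principal that the checking process can read, which is the operational cost of fixing this properly rather than documenting it away.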
