The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| kerberos (PyPI) | 0 | N/A | N/A |
| pykerberos (PyPI) | 0 | 1.1.6 | N/A |