First published: Tue May 26 2009(Updated: )
A security flaw was found in PAM pam_krb5 module, providing user authentication based on Kerberos principals. A remote attacker could use this flaw to recognize, if some username/login belongs to set of user accounts, existing on the system, and subsequently perform dictionary based password guess attack.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat Enterprise Linux | =5 | |
Redhat Enterprise Linux | =5 | |
Redhat Enterprise Linux | =5 | |
Redhat Enterprise Linux | =5 | |
Eyrie Pam-krb5 | =2.2.14 | |
Eyrie Pam-krb5 | =2.3 | |
Eyrie Pam-krb5 | =2.3.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.