CVE-2017-7562: CVE-2017-7562

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-7562

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

证书验证不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

MIT krb5 信任管理问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

MIT krb5（又名MIT Kerberos 5）是美国麻省理工（Massachusetts Institute Of Technology）大学的一套网络认证协议，它采用客户端/服务器结构，并且客户端和服务器端均可对对方进行身份认证（即双重验证），可防止窃听、防止replay攻击等。 MIT krb5 1.16.1之前版本存在信任管理问题漏洞。远程攻击者利用该漏洞获取未授权的访问权限或绕过安全限制。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
MIT	krb5	1.16.1	-

II. Public POCs for CVE-2017-7562

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2017-7562

Please Login to view more intelligence information

https://github.com/krb5/krb5/pull/694/commits/b7af544e50a4d8291524f590e20dd44430bf627dx_refsource_CONFIRM
https://github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8378db2x_refsource_CONFIRM
https://github.com/krb5/krb5/pull/694x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7562x_refsource_CONFIRM
https://github.com/krb5/krb5/pull/694/commits/1de6ca2f2eb1fdbab51f1549a25a6903aefcc196x_refsource_CONFIRM
http://www.securityfocus.com/bid/100511vdb-entryx_refsource_BID
https://access.redhat.com/errata/RHSA-2018:0666vendor-advisoryx_refsource_REDHAT
https://nvd.nist.gov/vuln/detail/CVE-2017-7562

IV. Related Vulnerabilities

Same product: krb5

CVE-2019-14844
MIT krb5 安全漏洞

Same vendor: MIT

Same weakness: CWE-295

V. Comments for CVE-2017-7562

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2017-7562

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2017-7562

III. Intelligence Information for CVE-2017-7562

IV. Related Vulnerabilities

V. Comments for CVE-2017-7562

Leave a comment