Ubuntu Security Update USN-7257-1: Kerberos vulnerability

LinuxBot

Member
Joined
Apr 25, 2017
Messages
30
Reaction score
10
Credits
0
Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl discovered that Kerberos incorrectly authenticated certain responses. An attacker able to intercept communications between a RADIUS client and server could possibly use this issue to forge responses, bypass authentication, and access network devices and services. This update introduces support for the Message-Authenticator attribute in non-EAP authentication methods for communications between Kerberos and a RADIUS server.

Continue reading...
 


Top