
checkPassword is insecure (ccs-pykerberos issue, status: OPEN)

apple commented on August 12, 2024
checkPassword is insecure

from ccs-pykerberos.

Comments (6)

macosforgebot commented on August 12, 2024

@wsanchez originally submitted this as comment:1:⁠ticket:833


macosforgebot commented on August 12, 2024

@cyrusdaboo originally submitted this as comment:8:⁠ticket:833

  • Status changed from new to closed
  • Resolution set to Documentation changed

Added comments on checkPassword in r13268.


macosforgebot commented on August 12, 2024

@wsanchez originally submitted this as comment:9:⁠ticket:833

  • Status changed from closed to reopened
  • Resolution Documentation changed deleted

Hrm, I wanna re-open this. I'd suggest we rename checkPassword to checkPassword_insecure so that it's clearly marked as a bad idea, and maybe made private (leading underbar or something).

But unless fixing the implementation as suggested doesn't make sense, I think this bug should stay open.


HariSekhon commented on August 12, 2024

What is the implication of using this method for infrastructure testing & monitoring?

KDC spoofing might result in a false positive that infrastructure is online but would it result in credential compromise given Krb is designed to run over untrusted networks and only hashes timestamps and tickets instead of sending the actual pw/hashes? Is there any way it could lead to TGT theft or similar?


bjornfor commented on August 12, 2024

Link to CVE entry about this security issue: https://www.cvedetails.com/cve/CVE-2015-3206/


mohitbaviskar1999 commented on August 12, 2024

@cyrusdaboo are you still working on this issue?
