CVE-2019-12098

HIGH

Heimdal <7.6.0 - Privilege Escalation

Title source: llm
STIX 2.1

Description

In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.

References (11)

Core 11
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.h5l.org/pipermail/heimdal-announce/2019-May/000009.html
Patch, Third Party Advisory x_refsource_misc
https://github.com/heimdal/heimdal/compare/3e58559...bbafe72
Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Jun/1
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2019/dsa-4455
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00002.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00003.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html

Scores

CVSS v3 7.4
EPSS 0.0284
EPSS Percentile 86.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-295
Status published
Products (8)
debian/debian_linux 9.0
fedoraproject/fedora 30
fedoraproject/fedora 31
heimdal_project/heimdal < 7.6.0
opensuse/backports_sle 15.0 (2 CPE variants)
opensuse/leap 15.0
opensuse/leap 15.1
opensuse/leap 42.3
Published May 15, 2019
Tracked Since Feb 18, 2026