Timing Side-Channel Attack Vulnerability in Apple OS X Kerberos 5 PAM Module

CVE-2016-4745 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack.
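
The bug class described above, shown as an added C example that is not Apple's code or the krb5 PAM module's: a login check that returns early for an unknown username does less work than one for a known username, and the fix is to do the same work on every attempt. The account table, the toy `derive` function and all function names are hypothetical, and the example equalizes only the dominant cost (the password derivation), which it counts instead of timing.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed sample accounts; names and passwords are illustrative only. */
struct account { const char *name; const char *sample_pw; uint32_t verifier; };
static struct account table[] = { {"alice", "correct horse", 0}, {"bob", "hunter2", 0} };
static unsigned derive_calls;   /* expensive derivations performed so far */

/* Stand-in for a slow password derivation (toy FNV-1a, not a real KDF). */
static uint32_t derive(const char *pw) {
    uint32_t h = 2166136261u;
    derive_calls++;
    for (const char *p = pw; *p; p++) h = (h ^ (uint8_t)*p) * 16777619u;
    return h;
}

/* Full-table scan (a hit is no quicker than a miss); first use enrols the sample verifiers, uncounted. */
static const struct account *lookup(const char *user) {
    const struct account *hit = NULL;
    for (size_t i = 0; i < 2; i++) {
        if (!table[i].verifier) { table[i].verifier = derive(table[i].sample_pw); derive_calls--; }
        if (strcmp(table[i].name, user) == 0) hit = &table[i];
    }
    return hit;
}

/* Leaky pattern: an unknown user returns before any derivation is done. */
int auth_leaky(const char *user, const char *pw) {
    const struct account *a = lookup(user);
    if (a == NULL) return 0;
    return derive(pw) == a->verifier;
}

/* Uniform pattern: every attempt pays for one derivation, known user or not. */
int auth_uniform(const char *user, const char *pw) {
    const struct account *a = lookup(user);
    uint32_t got = derive(pw);              /* runs even when a == NULL */
    return (a != NULL) & (got == (a ? a->verifier : 0u));
}

unsigned work_for(int (*auth)(const char *, const char *), const char *user) {
    unsigned before = derive_calls;
    auth(user, "wrong password");           /* one failed login attempt */
    return derive_calls - before;
}

int main(void) {
    printf("leaky:   %u vs %u\n", work_for(auth_leaky, "alice"), work_for(auth_leaky, "mallory"));
    printf("uniform: %u vs %u\n", work_for(auth_uniform, "alice"), work_for(auth_uniform, "mallory"));
}
```

A regression test for this class of bug can assert on the work counter in the same way, which is more stable in CI than measuring wall-clock time.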
