Vulnerability: Man-in-the-Middle Attack in Heimdal Client Side PKINIT Key Exchange Verification

Vulnerability: Man-in-the-Middle Attack in Heimdal Client Side PKINIT Key Exchange Verification

CVE-2019-12098 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.

Learn more about our Cis Benchmark Audit For Microsoft Exchange Server.