Mandriva Linux Security Advisory : pam_krb5 (MDVSA-2010:054)
Medium Nessus Plugin ID 44989
SynopsisThe remote Mandriva Linux host is missing a security update.
DescriptionPam_krb5 2.2.14 through 2.3.4 generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames (CVE-2009-1384).
This update provides the version 2.3.5 of pam_krb5, which is not vulnerable to this issue.
SolutionUpdate the affected pam_krb5 package.