FreeBSD : krb5 -- requires_preauth bypass in PKINIT-enabled KDC (406636fe-055d-11e5-aab1-d050996490d0)
Medium Nessus Plugin ID 83901
Synopsis: The remote FreeBSD host is missing one or more security-related updates.
Description: MIT reports:
In MIT krb5 1.12 and later, when the KDC is configured with PKINIT support, an unauthenticated remote attacker can bypass the requires_preauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line dictionary attack against the user's password.
Solution: Update the affected packages.