CVE-2015-2694

MEDIUM Year: 2015
CVSS v2 Score
5.8
Medium
Weakness Type
CWE-264
View all →

Vulnerability Description

The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.

Related Vulnerabilities

CVE-2015-7425

CRITICAL
CVSS:10.0(Critical)

The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6....

CWE-2642015

CVE-2015-7919

CRITICAL
CVSS:10.0(Critical)

SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors.

CWE-2642015

CVE-2015-8267

CRITICAL
CVSS:10.0(Critical)

The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords v...

CWE-2642015

CVE-2016-7457

CRITICAL
CVSS:10.0(Critical)

VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors.

CWE-2642016

CVE-2016-8363

CRITICAL
CVSS:10.0(Critical)

An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RT...

CWE-2642016

CVE-2015-7411

CRITICAL
CVSS:9.9(Critical)

The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileges via unspecified vectors.

CWE-2642015