We found results for “”
WS-2016-0052
Date: September 10, 2015
"Node-krb5 is a node.js native add-on for simple krb5 user authentication.This module does not validate the KDC, which might allow an attacker with network access and enough time to spoof the KDC and impersonate a valid user without knowing their credentials."
Language: JS
Severity Score
Severity Score
Weakness Type (CWE)
Insufficiently Protected Credentials
CWE-522CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | ADJACENT_NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | NONE |