REDHAT-BUG-502602: Low severity pam_krb5 (pam module) vulnerability
A security flaw was found in the PAM pam_krb5 module, which provides user authentication based on Kerberos principals. A remote attacker could use this flaw to determine whether a given username belongs to an account that exists on the system, and subsequently perform a dictionary-based password-guessing attack.
Frequently Asked Questions
What is the severity of REDHAT-BUG-502602?
REDHAT-BUG-502602 is considered a security flaw with potential impact on user authentication.
How do I fix REDHAT-BUG-502602?
To fix REDHAT-BUG-502602, it is recommended to update the PAM pam_krb5 module to the latest version.
What systems are affected by REDHAT-BUG-502602?
REDHAT-BUG-502602 affects systems utilizing the PAM pam_krb5 module for Kerberos-based authentication.
Can REDHAT-BUG-502602 lead to unauthorized access?
Yes, REDHAT-BUG-502602 can potentially enable a remote attacker to discover usernames and execute dictionary attacks.
Is there a workaround for REDHAT-BUG-502602?
Currently, specific workarounds for REDHAT-BUG-502602 have not been documented, so patching is the recommended action.