CVE-2017-7562 in Red Hat and MIT Products

An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.

Weakness Types

Improper Certificate Validation

The software does not validate, or incorrectly validates, a certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.

What is an authentification Vulnerability?

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

CVE-2017-7562 has been classified to as an authentification vulnerability or weakness.

Products Associated with CVE-2017-7562

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2017-7562 are published in these products:

Affected Versions

Exploit Probability

EPSS

0.43%

Percentile

62.11%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.