Bugzilla – Bug 1178764
VUL-0: CVE-2020-17049: krb5: undisclosed kerberos issue may affect kinit
Last modified: 2022-03-11 13:28:59 UTC
+++ This bug was initially created as a clone of Bug #1178754 +++
There is a new vulnerability that Microsoft exposed that is impacting token renewals using kinit. Microsoft is providing a patch on Windows Domain controllers:
At this point it appears the CVE details have yet to be disclosed,
and it's unclear whether there's a patch for linux kerberos clients.
However Intel was wondering if there is an updated version of kinit to avoid this vulnerability.
@Alexander, per comments in bsc#1178754 I think this can be closed right?
Reassigned to security team to evaluate closing it.
This issue only affects the Microsoft KDC, not the krb5 one.