[krbdev.mit.edu #31] security flaw in get_in_tkt: address verification

Sam Hartman via RT rt-comment at krbdev.mit.edu
Mon Jan 27 14:16:57 EST 2003

Previous message: [krbdev.mit.edu #1324] cannot reproduce
Next message: [krbdev.mit.edu #34] ktutil is solution
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

If this is still actually a problem, we are unlikely to ever fix it.  We are moving away from
addresses as a security mechanism.  This problem will be reduced somewhat
by checksums introduced into Kerberos extensions.

Previous message: [krbdev.mit.edu #1324] cannot reproduce
Next message: [krbdev.mit.edu #34] ktutil is solution
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the krb5-bugs mailing list