[krbdev.mit.edu #7886] git commit

Greg Hudson via RT rt-comment at krbdev.mit.edu
Thu Mar 20 17:47:36 EDT 2014


Don't check kpasswd reply address

Don't check the address of the kpasswd server when parsing the reply
we received from it.  If the server's address was modified by a proxy
or other network element, the user will be incorrectly warned that the
password change failed when it succeeded.  The check is unnecessary as
the kpasswd protocol is not subject to a reflection attack.

[ghudson at mit.edu: edit commit message]

https://github.com/krb5/krb5/commit/b562400826409deceb0d52ffbe6570670ee9db55
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Committer: Greg Hudson <ghudson at mit.edu>
Commit: b562400826409deceb0d52ffbe6570670ee9db55
Branch: master
 src/lib/krb5/os/changepw.c |   21 ---------------------
 1 files changed, 0 insertions(+), 21 deletions(-)
More information about the krb5-bugs mailing list