Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/node-krb5@0.0.0-alpha

Type npm

Namespace

Name node-krb5

Version 0.0.0-alpha

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-pjkf-swrh-5uc9

vulnerability_id VCID-pjkf-swrh-5uc9

summary

Spoofing attack due to unvalidated KDC
This module does not validate the KDC, which might allow an attacker with network access and enough time to spoof the KDC and impersonate a valid user without knowing their credentials.

references

reference_url	http://archive.hack.lu/2010/Bouillon-Stealing-credentials-for-impersonation.pdf
reference_id
reference_type
scores
url	http://archive.hack.lu/2010/Bouillon-Stealing-credentials-for-impersonation.pdf

reference_url	https://github.com/qesuto/node-krb5/issues/13
reference_id
reference_type
scores
url	https://github.com/qesuto/node-krb5/issues/13

reference_url	https://www.npmjs.com/package/kerberos
reference_id
reference_type
scores
url	https://www.npmjs.com/package/kerberos

fixed_packages

aliases GMS-2016-58

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pjkf-swrh-5uc9

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/node-krb5@0.0.0-alpha

Package Instance