Vulnerability details: VCID-qq81-qnx4-aaae
Vulnerability ID VCID-qq81-qnx4-aaae
Aliases CVE-2015-2694
Summary The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2694.html
rhas Moderate https://access.redhat.com/errata/RHSA-2015:2154
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2015-2694
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2015-2694
epss 0.00362 https://api.first.org/data/v1/epss?cve=CVE-2015-2694
epss 0.00431 https://api.first.org/data/v1/epss?cve=CVE-2015-2694
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1216133
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2694
cvssv2 5.8 https://nvd.nist.gov/vuln/detail/CVE-2015-2694
generic_textual Low https://ubuntu.com/security/notices/USN-2810-1
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Reference id Reference type URL
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8160
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2694.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2694.json
https://api.first.org/data/v1/epss?cve=CVE-2015-2694
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2694
https://github.com/krb5/krb5/commit/e3b5a5e5267818c97750b266df50b6a3d4649604
https://ubuntu.com/security/notices/USN-2810-1
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/74824
http://www.ubuntu.com/usn/USN-2810-1
1216133 https://bugzilla.redhat.com/show_bug.cgi?id=1216133
783557 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783557
cpe:2.3:a:mit:kerberos_5:1.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.12:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.12.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.12.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.12.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.12.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.12.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.12.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.13:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.13.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.13.1:*:*:*:*:*:*:*
CVE-2015-2694 https://nvd.nist.gov/vuln/detail/CVE-2015-2694
RHSA-2015:2154 https://access.redhat.com/errata/RHSA-2015:2154
USN-2810-1 https://usn.ubuntu.com/2810-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2015-2694
Access Vector (AV) network
Access Complexity (AC) medium
Authentication (Au) none
Confidentiality Impact (C) partial
Integrity Impact (I) partial
Availability Impact (A) none
Exploit Prediction Scoring System (EPSS)
Percentile 0.24918
EPSS Score 0.001
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.