High severity 8.1 · NVD Advisory · Published Aug 25, 2017 · Updated Jun 17, 2026
CVE-2015-3206
Description
The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| kerberos (PyPI) | <= 1.2.5 | — |
| pykerberos (PyPI) | < 1.1.6 | 1.1.6 |
Affected products
- cpe:2.3:a:apple:pykerberos:-:*:*:*:*:*:*:*
- ghsa-coords: 2 versions
- (no CPE) range: <= 1.2.5
- (no CPE) range: < 1.1.6
References
- www.openwall.com/lists/oss-security/2015/05/21/3 (nvd; Mailing List, Patch, Third Party Advisory; WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd; Issue Tracking, Patch, Third Party Advisory; WEB)
- github.com/apple/ccs-pykerberos/issues/31 (nvd; Issue Tracking, Patch, Third Party Advisory; WEB)
- pypi.python.org/pypi/kerberos (nvd; Patch, Vendor Advisory; WEB)
- www.securityfocus.com/bid/74760 (nvd; Third Party Advisory, VDB Entry)
- github.com/advisories/GHSA-mffc-9gx5-99g3 (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2015-3206 (ghsa; ADVISORY)
- github.com/apple/ccs-pykerberos/commit/9cb61c93f9b24dd18a0a315f3df5445529c5c333 (ghsa; WEB)
- github.com/pypa/advisory-database/tree/main/vulns/kerberos/PYSEC-2017-49.yaml (ghsa; WEB)
- github.com/pypa/advisory-database/tree/main/vulns/pykerberos/PYSEC-2017-66.yaml (ghsa; WEB)
- web.archive.org/web/20150910143429/https://trac.calendarserver.org/ticket/833 (ghsa; WEB)
- web.archive.org/web/20200228090829/http://www.securityfocus.com/bid/74760 (ghsa; WEB)