High severity7.4NVD Advisory· Published May 15, 2019· Updated Apr 15, 2026
CVE-2019-12098
CVE-2019-12098
Description
In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*
- cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
- osv-coords4 versionspkg:rpm/opensuse/libheimdal&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/libheimdal&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/libheimdal&distro=SUSE%20Package%20Hub%2015pkg:rpm/suse/libheimdal&distro=SUSE%20Package%20Hub%2015%20SP1
< 7.7.0-lp151.3.3.1+ 3 more
- (no CPE)range: < 7.7.0-lp151.3.3.1
- (no CPE)range: < 7.7.0-lp151.3.3.1
- (no CPE)range: < 7.7.0-bp150.2.3.1
- (no CPE)range: < 7.7.0-bp151.4.3.1
Patches
Vulnerability mechanics
References
11- www.h5l.org/pipermail/heimdal-announce/2019-May/000009.htmlnvdPatchVendor Advisory
- github.com/heimdal/heimdal/commit/2f7f3d9960aa6ea21358bdf3687cee5149aa35cfnvdPatchThird Party Advisory
- github.com/heimdal/heimdal/compare/3e58559...bbafe72nvdPatchThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2019-07/msg00002.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2019-07/msg00003.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.htmlnvdMailing ListThird Party Advisory
- github.com/heimdal/heimdal/releases/tag/heimdal-7.6.0nvdThird Party Advisory
- seclists.org/bugtraq/2019/Jun/1nvdMailing ListThird Party Advisory
- www.debian.org/security/2019/dsa-4455nvdThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIXEDVVMPD6ZAJSMI2EZ7FNEIVNWE5PD/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLXXIF4LOQEAEDAF4UGP2AO6WDNTDFUB/nvd
News mentions
0No linked articles in our index yet.