VYPR

Kdcproxy

by Latchset

CVEs (2)

  • CVE-2025-59088 | High | Nov 12, 2025
    risk 0.56 | CVSS 8.6 | EPSS 0.00

    If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker…

  • CVE-2025-59089 | Medium | Nov 12, 2025
    risk 0.31 | CVSS 5.9 | EPSS 0.00

    If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's…