VYPR

Node Krb5

by Qesuto

CVEs (1)

  • CVE-2016-1000238medSep 1, 2020
    risk 0.26cvss epss 0.01

    Affected versions of `node-krb5` do not validate the KDC prior to authenticating, which might allow an attacker with network access and enough time to spoof the KDC and impersonate a valid user without knowing their credentials. ## Recommendation It appears that this will…