paul Posted March 4, 2010 Report Share Posted March 4, 2010 Pam_krb5 2.2.14 through 2.3.4 generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames (CVE-2009-1384). This update provides the version 2.3.5 of pam_krb5, which is not vulnerable to this issue. Link to comment Share on other sites More sharing options...
Recommended Posts