node-krb5@0.0.6 vulnerabilities

Node.js native addon for simple krb5 user authentication

Direct Vulnerabilities

Known vulnerabilities in the node-krb5 package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Spoofing attack due to unvalidated KDC
Severity: M (medium)

'node-krb5' is a node.js native add-on for simple krb5 user authentication.

The current implementation does not verify the Kerberos Key Distribution Center (KDC): it accepts a username and password from the user, then asks a KDC whether that password is correct for the corresponding Kerberos principal, without any assurance that the reply came from a genuine KDC. The check succeeds whenever the AS reply decrypts under the supplied password, so an attacker who can redirect the application's KDC traffic to a host they control (for example through DNS or ARP spoofing) can answer with a reply encrypted under whatever password they typed and log in as any principal without knowing its real password.

How to fix Spoofing attack due to unvalidated KDC?

There is no official fix for this vulnerability. In the meantime, consider switching to a different npm module. The standard defence against KDC spoofing, which node-krb5 does not implement, is to follow the password check by requesting a service ticket for a principal whose key is held in the host's keytab and verifying that the ticket decrypts under that key (libkrb5 exposes this as krb5_verify_init_creds); an attacker impersonating the KDC cannot forge that ticket.

Vulnerable version: * (all versions)