VDB

ALPINE-CVE-2019-12098

ALPINE-CVE-2019-12098 PUBLISHED CVSS 7.400000095367432 HIGH

In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.

Risk Scores

CVSS 3.1
7.400000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

VendorProductVersions
Alpine:v3.8heimdal1.6_rc2-r1, 0, 1.2.1-r0
Alpine:v3.10heimdal1.3.1-r0, 1.3.1-r1, 1.3.1-r2
Alpine:v3.7heimdal1.2.1-r1, 1.2.1-r0, 1.2.1-r1
Alpine:v3.9heimdal1.2.1-r0, 1.2.1-r1, 1.2.1-r2

Timeline

  • May 15, 2019 CVE Published
  • Nov 19, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch
Open in Interactive Console →
$ Console Community · 100/wk Open console ›