VDB
ALPINE-CVE-2019-12098
ALPINE-CVE-2019-12098
PUBLISHED
CVSS 7.400000095367432 HIGH
In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.
Risk Scores
CVSS 3.1
7.400000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.8 | heimdal | 1.6_rc2-r1, 0, 1.2.1-r0 |
| Alpine:v3.10 | heimdal | 1.3.1-r0, 1.3.1-r1, 1.3.1-r2 |
| Alpine:v3.7 | heimdal | 1.2.1-r1, 1.2.1-r0, 1.2.1-r1 |
| Alpine:v3.9 | heimdal | 1.2.1-r0, 1.2.1-r1, 1.2.1-r2 |
Timeline
- May 15, 2019 CVE Published
- Nov 19, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch