** REJECT **
CVE编号
CVE-2020-1703利用情况
暂无补丁情况
N/A披露时间
2020-06-04漏洞描述
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Red Hat Product Security does not consider this as a security flaw. Password changes aren't expected to invalidate existing sessions. Though this is how Kerberos behaves: incrementing kvno will not invalidate any existing service tickets. This is not a concern because the lifetime on service tickets should be set appropriately (initially only a global, now also more finely configurable with the kdcpolicy plugin). This belief is reinforced by our use of mod_session: existing sessions there aren't terminated, but instead wait for expiration.解决建议
漏洞已被官方驳回(REJECT),无需处理。
参考链接 |
|---|
- 攻击路径 N/A
- 攻击复杂度 N/A
- 权限要求 N/A
- 影响范围 N/A
- 用户交互 N/A
- 可用性 N/A
- 保密性 N/A
- 完整性 N/A
| CWE-ID | 漏洞类型 |
Exp相关链接
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论