New Search

Kerberos SNAME Security Feature Bypass Vulnerability - CVE-2017-8495

oval:org.cisecurity:def:2755

Microsoft Windows 7 SP1 Windows Server 2008 SP2 and R2 SP1 Windows 8.1 and Windows RT 8.1 Windows Server 2012 and R2 Windows 10 Gold 1511 1607 and 1703 and Windows Server 2016 allows an attacker to bypass Extended Protection for Authentication when Kerberos fails to prevent tampering with the SNAME field during ticket exchange aka "Kerberos SNAME Security Feature Bypass Vulnerability" or Orpheus' Lyre.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2016
  • Microsoft Windows 7
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows 10
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2012
  • Microsoft Windows 8.1
Class:
vulnerability
Reference(s):
  • CVE-2017-8495
Product(s):