Is there any workaround for fixing the following issue or any alternative to the kerberos library?
The python-kerberos `checkPassword()` method is badly insecure. It does a kinit (AS-REQ) to ask a KDC for a TGT for the given user principal, and interprets the success or failure of that as indicating whether the password is correct:
- Security issue: checkPassword is insecure
- Link to CVE entry about this security issue: cve
There is no active response from the maintainers.
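As an added illustration (not code from the question, from python-kerberos or from MIT krb5), the toy model below shows why the success or failure of an AS-REQ alone is not a password check, and what a verified check adds: a KDC the attacker controls, which knows only the password the attacker typed, can answer the AS-REQ "successfully", but it cannot produce a service ticket that decrypts under the key the application holds in its own keytab. That extra step is what MIT krb5 performs as `krb5_verify_init_creds` (and what `verify_ap_req_nofail` enforces), and it is the piece `checkPassword()` omits. The realm, principal names, passwords, the sha256/hmac stand-in for Kerberos encryption and both KDC classes are constructed for this example.

```python
"""Toy model of the checkPassword() weakness and the verified-credentials fix.
Constructed example: a sha256/hmac construction stands in for Kerberos
encryption, and every name, password and key below is made up."""
import hashlib
import hmac
import os
from typing import Optional


def string_to_key(password: str, realm: str) -> bytes:
    """Stand-in for Kerberos string-to-key: long-term key from a password."""
    return hashlib.sha256(f"{realm}:{password}".encode()).digest()


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Toy authenticated encryption (plaintext <= 32 bytes): keystream XOR + HMAC."""
    nonce = os.urandom(16)
    stream = hashlib.sha256(key + nonce).digest()
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when the tag does not verify under `key`."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    stream = hashlib.sha256(key + nonce).digest()
    return bytes(b ^ s for b, s in zip(body, stream))


class RealKdc:
    """The realm's genuine KDC: holds every user's and service's long-term key."""

    def __init__(self, realm, user_passwords, service_keys):
        self.user_keys = {u: string_to_key(p, realm) for u, p in user_passwords.items()}
        self.service_keys = service_keys

    def as_req(self, user):
        # AS-REP: the encrypted part is under the user's long-term key.
        key = self.user_keys.get(user)
        return None if key is None else encrypt(key, b"AS-REP:TGT")

    def tgs_req(self, tgt_blob, service):
        # TGS-REP: a ticket sealed with the service's long-term key
        # (a real KDC also checks the TGT; this model trusts it).
        return encrypt(self.service_keys[service], b"TICKET:" + service.encode())


class SpoofedKdc:
    """A KDC the attacker answers from (e.g. by redirecting KDC traffic).
    It knows the password the attacker typed, never the genuine service keys."""

    def __init__(self, realm, typed_password):
        self.key = string_to_key(typed_password, realm)

    def as_req(self, user):
        return encrypt(self.key, b"AS-REP:TGT")  # "success" for any principal

    def tgs_req(self, tgt_blob, service):
        return encrypt(os.urandom(32), b"TICKET:forged")  # wrong key, by necessity


def check_password_insecure(kdc, realm, user, password):
    """What checkPassword() does: AS-REQ succeeded, so the password is 'correct'."""
    rep = kdc.as_req(user)
    return rep is not None and decrypt(string_to_key(password, realm), rep) is not None


def check_password_verified(kdc, realm, user, password, service, keytab):
    """Verified variant: also fetch a ticket for `service` and require that it
    decrypts under the key held locally in the keytab."""
    rep = kdc.as_req(user)
    if rep is None or decrypt(string_to_key(password, realm), rep) is None:
        return False
    ticket = kdc.tgs_req(rep, service)
    return decrypt(keytab[service], ticket) == b"TICKET:" + service.encode()


# Constructed realm: the application keeps its own service key in a keytab.
REALM = "EXAMPLE.TEST"
SERVICE = "host/app.example.test"
KEYTAB = {SERVICE: os.urandom(32)}
REAL_KDC = RealKdc(REALM, {"alice": "correct horse"}, dict(KEYTAB))


def demo():
    """Outcome of both checks against the genuine and the spoofed KDC."""
    spoof = SpoofedKdc(REALM, "anything")  # attacker types "anything"
    return {
        "insecure_real_right": check_password_insecure(REAL_KDC, REALM, "alice", "correct horse"),
        "insecure_real_wrong": check_password_insecure(REAL_KDC, REALM, "alice", "wrong"),
        "insecure_spoofed": check_password_insecure(spoof, REALM, "alice", "anything"),
        "verified_spoofed": check_password_verified(spoof, REALM, "alice", "anything", SERVICE, KEYTAB),
        "verified_real_right": check_password_verified(REAL_KDC, REALM, "alice", "correct horse", SERVICE, KEYTAB),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The third result is the defect described above: with the KDC answer under the attacker's control, the insecure check accepts whatever password was typed. The verified check fails there because only the genuine KDC can seal a ticket under the key in the application's keytab, so a real deployment needs that keytab and the service-ticket step, not just an AS-REQ.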