OpenSSH GSSAPI Credential Disclosure Vulnerability
OpenSSH is susceptible to a GSSAPI credential-delegation vulnerability. Specifically, if a user has GSSAPI authentication configured and 'GSSAPIDelegateCredentials' is enabled, their Kerberos credentials will be forwarded to remote hosts. This occurs even when the user connects with an authentication method other than GSSAPI, which is not usually expected. This vulnerability allows remote attackers to improperly gain access to GSSAPI credentials and use them to access resources granted to the original principal. This issue affects versions of OpenSSH prior to 4.2.
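To check a client for the condition described above, the following added example (not part of the original advisory or of OpenSSH) lists the ssh_config blocks that turn on 'GSSAPIDelegateCredentials' and tests a version banner against the affected range. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit for the delegation setting named in the advisory.

# Constructed sample client configuration (not taken from the advisory).
sample_config() {
cat <<'EOF'
# global defaults
GSSAPIAuthentication yes

Host *.corp.example
    GSSAPIDelegateCredentials yes

Host bastion
    gssapidelegatecredentials=no

Host lab-* build-*
    GSSAPIDelegateCredentials = YES
EOF
}

# List every Host/Match block (or "(global)") that sets
# GSSAPIDelegateCredentials to yes. Reads the file given as $1, or stdin.
# Keywords are case-insensitive; "key value" and "key=value" are accepted.
delegating_hosts() {
    awk '
        BEGIN { block = "(global)" }
        {
            sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "")
            if ($0 == "" || $0 ~ /^#/) next
            sub(/[ \t]*=[ \t]*/, " ")      # normalise the first "=" separator
            key = tolower($1)
            if (key == "host" || key == "match") { block = $0; next }
            if (key == "gssapidelegatecredentials" && tolower($2) == "yes")
                print block
        }
    ' "${1:--}"
}

# Return 0 if an `ssh -V` style banner reports a release before 4.2
# (the affected range stated above), 1 if not, 2 if it cannot be parsed.
version_affected() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    set -- $ver
    [ "$1" -lt 4 ] || { [ "$1" -eq 4 ] && [ "$2" -lt 2 ]; }
}

# Demo on the constructed sample.
sample_config | delegating_hosts
```

On a real client, pass the user's and the system-wide ssh_config files to `delegating_hosts`, and feed `version_affected` the output of `ssh -V 2>&1`. Any block it lists on an affected version should have the option set to `no` until the client is upgraded.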