Vulnerability Description
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Red Hat Product Security does not consider this as a security flaw. Password changes aren't expected to invalidate existing sessions. Though this is how Kerberos behaves: incrementing kvno will not invalidate any existing service tickets. This is not a concern because the lifetime on service tickets should be set appropriately (initially only a global, now also more finely configurable with the kdcpolicy plugin). This belief is reinforced by our use of mod_session: existing sessions there aren't terminated, but instead wait for expiration
FAQ
What is CVE-2020-1703?
CVE-2020-1703 is a documented vulnerability. Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Red Hat Prod...
How severe is CVE-2020-1703?
CVSS scoring is not yet available for CVE-2020-1703. Check NVD for updates.
Is there a patch for CVE-2020-1703?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.