Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
gopkg.in/jcmturner/gokrb5.v8
It is recommended to use the latest version:
Development will be focused on the latest major version. New features will only be targeted at this version.
Versions | Dependency Management | Import Path | Usage | Godoc | Go Report Card |
---|---|---|---|---|---|
Go modules | import "github.com/jcmturner/gokrb5/v8/{sub-package}" | ||||
gopkg.in | import "gopkg.in/jcmturner/gokrb5.v7/{sub-package}" |
gokrb5 may work with other versions of Go but they are not formally tested. It has been reported that gokrb5 also works with the gollvm compiler but this is not formally tested.
/tmp/krb5cc_$(id -u $(whoami))
Implementation | Encryption ID | Checksum ID | RFC |
---|---|---|---|
des3-cbc-sha1-kd | 16 | 12 | 3961 |
aes128-cts-hmac-sha1-96 | 17 | 15 | 3962 |
aes256-cts-hmac-sha1-96 | 18 | 16 | 3962 |
aes128-cts-hmac-sha256-128 | 19 | 19 | 8009 |
aes256-cts-hmac-sha384-192 | 20 | 20 | 8009 |
rc4-hmac | 23 | -138 | 4757 |
The following is working/tested:
If you are interested in contributing to gokrb5, great! Please read the contribution guidelines.
Thank you for your interest in contributing to gokrb5 please read the contribution guide as it should help you get started.
Issue | Worked around? | References |
---|---|---|
The Go standard library's encoding/asn1 package cannot unmarshal into slice of asn1.RawValue | Yes | https://github.com/golang/go/issues/17321 |
The Go standard library's encoding/asn1 package cannot marshal into a GeneralString | Yes - using https://github.com/jcmturner/gofork/tree/master/encoding/asn1 | https://github.com/golang/go/issues/18832 |
The Go standard library's encoding/asn1 package cannot marshal into slice of strings and pass stringtype parameter tags to members | Yes - using https://github.com/jcmturner/gofork/tree/master/encoding/asn1 | https://github.com/golang/go/issues/18834 |
The Go standard library's encoding/asn1 package cannot marshal with application tags | Yes | |
The Go standard library's x/crypto/pbkdf2.Key function uses the int type for iteraction count limiting meaning the 4294967296 count specified in https://tools.ietf.org/html/rfc3962 section 4 cannot be met on 32bit systems | Yes - using https://github.com/jcmturner/gofork/tree/master/x/crypto/pbkdf2 | https://go-review.googlesource.com/c/crypto/+/85535 |
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.