PT-2020-7943 · Node-Krb5 · Node-Krb5
Published: 2020-09-01 · Updated: 2020-09-01
CVE-2016-1000238
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions:
node-krb5 (affected versions not specified)
Description:
Affected versions do not validate the KDC before authenticating. An attacker with network access could potentially spoof the KDC and impersonate a valid user without knowing that user's credentials.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
As a mitigation measure, consider using an alternative module that is actively maintained and provides similar functionality.
Affected Products
Node-Krb5