First published: Thu Dec 02 2010(Updated: )
MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
MIT Kerberos 5 | =1.8 | |
MIT Kerberos 5 | =1.8.1 | |
MIT Kerberos 5 | =1.8.2 | |
MIT Kerberos 5 | =1.8.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.