CVE-2014-5351CVE-2014-5351

Affected configuration(s):

cpe:/a:mit:kerberos:5-1.12.2

Date published: 2014-10-09T21:55:11.307-04:00

Date last modified: 2017-09-07T21:29:05.857-04:00

CVSS Score: 2.1

Principal attack vector: NETWORK

Complexity:  HIGH

Reference URL: http://advisories.mageia.org/MGASA-2014-0477.html

Summary: The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *