Date published: 2014-10-09T21:55:11.307-04:00
Date last modified: 2017-09-07T21:29:05.857-04:00
CVSS Score: 2.1
Principal attack vector: NETWORK
Reference URL: http://advisories.mageia.org/MGASA-2014-0477.html
Summary: The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.