ID CVE-2001-1443Type cveReporter cve@mitre.orgModified 2017-07-11T01:29:00
Description
KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not encrypt connections if the server does not support the requested encryption, which allows remote attackers to read communications via a man-in-the-middle attack.
{"id": "CVE-2001-1443", "bulletinFamily": "NVD", "title": "CVE-2001-1443", "description": "KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not encrypt connections if the server does not support the requested encryption, which allows remote attackers to read communications via a man-in-the-middle attack.", "published": "2001-08-27T04:00:00", "modified": "2017-07-11T01:29:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-1443", "reporter": "cve@mitre.org", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/10640", "http://www.kb.cert.org/vuls/id/390280", "http://josefsson.org/ktelnet/kerberos-telnet.html"], "cvelist": ["CVE-2001-1443"], "type": "cve", "lastseen": "2019-05-29T18:07:38", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "589fa6f8430736feb261b67b43f6b1a2"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "888702373b93595c4bb22c898f8919c6"}, {"key": "cpe23", "hash": "42688e727191c2691289f83875220629"}, {"key": "cvelist", "hash": "7d6a738888d3c7bb29dc3efe39a1494a"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "cvss2", "hash": "f30109dfdbfbf783c0b61792a6b2c20a"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "8b5627a127db4d4a60664e84ba67e1ab"}, {"key": "href", "hash": "d27df930ee3d77ee713e92be48338f71"}, {"key": "modified", "hash": "0570c0ae817ff4e1462c3ba2dbea4266"}, {"key": "published", "hash": "cb197ca8b1c6294427ddad6c8f6ec9cc"}, {"key": "references", "hash": "a7f816b752d0ccbb8d8c2fa604c293e5"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "d81618e50b1a241f41530cced5cbc041"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "079101dc603803bb8c16cc540077881cbec9729e1676b1a4a4a71244daabc614", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:18006"]}], "modified": "2019-05-29T18:07:38"}, "score": {"value": 5.6, "vector": "NONE", "modified": "2019-05-29T18:07:38"}, "vulnersScore": 5.6}, "objectVersion": "1.3", "cpe": ["cpe:/a:kth:kth_kerberos:5", "cpe:/a:kth:kth_kerberos:4"], "affectedSoftware": [{"name": "kth kth_kerberos", "operator": "eq", "version": "5"}, {"name": "kth kth_kerberos", "operator": "eq", "version": "4"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:kth:kth_kerberos:5:*:*:*:*:*:*:*", "cpe:2.3:a:kth:kth_kerberos:4:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}
{"osvdb": [{"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nISS X-Force ID: 10640\n[CVE-2001-1443](https://vulners.com/cve/CVE-2001-1443)\nCERT VU: 390280\n", "modified": "2002-02-11T22:23:34", "published": "2002-02-11T22:23:34", "href": "https://vulners.com/osvdb/OSVDB:18006", "id": "OSVDB:18006", "type": "osvdb", "title": "Kerberos 4/5 Unencrypted Connection Fallback", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}
