Lucene search

[email protected]CVE-2001-1444

HistoryAug 27, 2001 - 4:00 a.m.

CVE-2001-1444

2001-08-2704:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

kerberos

telnet

protocol

nvd

cve-2001-1444

authentication

encryption

attack

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.1%

JSON

The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Kerberos V (Heimdal), does not encrypt authentication and encryption options sent from the server, which allows remote attackers to downgrade authentication and encryption mechanisms via a man-in-the-middle attack.

CPENameOperatorVersion
kth:kth_kerberoskth kth kerberoseq5
kth:kth_kerberoskth kth kerberoseq4

CPE	Name	Operator	Version
kth:kth_kerberos	kth kth kerberos	eq	5
kth:kth_kerberos	kth kth kerberos	eq	4

References

josefsson.org/ktelnet/kerberos-telnet.html

www.kb.cert.org/vuls/id/774587

exchange.xforce.ibmcloud.com/vulnerabilities/10640

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.1%

JSON