Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2014-5351
HistoryOct 10, 2014 - 1:55 a.m.

CVE-2014-5351

2014-10-1001:55:00
CWE-255
[email protected]
web.nvd.nist.gov
45
cve-2014-5351
kadm5_randkey_principal_3
libkadm5
svr_principal
kadmind
mit kerberos 5
krb5
administrative access
ticket forging
nvd

6 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

66.0%

JSON

The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.

CPENameOperatorVersion
mit:kerberos_5mit kerberos 5eq1.12.2

Related

prion 1
securityvulns 2
mageia 1
aix 1
ubuntucve 1
altlinux 3
openvas 10
fedora 2
nessus 11
debiancve 1
gentoo 1
suse 2
osv 1
debian 1
ubuntu 1
prion
prion
Cross site request forgery (csrf)
2014-10-10 01:55:00
securityvulns
securityvulns
MIT krb5 privilege escalation
2014-11-24 00:00:00
[ MDVSA-2014:224 ] krb5
2014-11-24 00:00:00
mageia
mageia
Updated krb5 packages fix security vulnerability
2014-11-21 15:44:16
aix
aix
AIX NAS vulnerability
2015-01-20 04:42:45
ubuntucve
ubuntucve
CVE-2014-5351
2014-10-09 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package krb5 version 1.13-alt1
2014-10-31 00:00:00
Security fix for the ALT Linux 8 package krb5 version 1.13-alt1
2014-10-31 00:00:00
Security fix for the ALT Linux 9 package krb5 version 1.13-alt1
2014-10-31 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0477)
2022-01-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:1410-1)
2021-06-09 00:00:00
Gentoo Security Advisory GLSA 201412-53
2015-09-29 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: krb5-1.12.2-9.fc21
2014-10-08 19:01:55
[SECURITY] Fedora 20 Update: krb5-1.11.5-18.fc20
2015-03-09 08:18:34
nessus
nessus
Fedora 21 : krb5-1.12.2-9.fc21 (2014-11940)
2014-10-09 00:00:00
AIX NAS Advisory : nas_advisory2.asc
2015-01-27 00:00:00
Mandriva Linux Security Advisory : krb5 (MDVSA-2014:224)
2014-11-23 00:00:00
debiancve
debiancve
CVE-2014-5351
2014-10-10 01:55:00
gentoo
gentoo
MIT Kerberos 5: User-assisted execution of arbitrary code
2014-12-31 00:00:00
suse
suse
Security update for krb5 (important)
2015-02-16 14:05:49
Security update for krb5 (important)
2015-02-16 15:04:57
osv
osv
krb5 - security update
2018-01-31 00:00:00
debian
debian
[SECURITY] [DLA 1265-1] krb5 security update
2018-01-31 17:06:55
ubuntu
ubuntu
Kerberos vulnerabilities
2015-02-10 00:00:00

6 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

66.0%

JSON
Related for CVE-2014-5351
prion1securityvulns2mageia1aix1ubuntucve1altlinux3openvas10fedora2nessus11debiancve1gentoo1suse2osv1debian1ubuntu1