PRIOn knowledge basePRION:CVE-2014-5351Cross site request forgery (csrf)
6.6 Medium
AI Score
Confidence
Low
2.1 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:S/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
65.5%
The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.
| CPE | Name | Operator | Version |
|---|---|---|---|
| kerberos_5 | eq | 1.12.2 |
References
advisories.mageia.org/MGASA-2014-0477.html
krbdev.mit.edu/rt/Ticket/Display.html?id=8018
lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html
lists.opensuse.org/opensuse-updates/2015-02/msg00044.html
security.gentoo.org/glsa/glsa-201412-53.xml
www.mandriva.com/security/advisories?name=MDVSA-2014:224
www.securityfocus.com/bid/70380
www.securitytracker.com/id/1031003
www.ubuntu.com/usn/USN-2498-1
bugzilla.redhat.com/show_bug.cgi?id=1145425
exchange.xforce.ibmcloud.com/vulnerabilities/97028
github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca
lists.debian.org/debian-lts-announce/2018/01/msg00040.html
lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html
lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html
Related
6.6 Medium
AI Score
Confidence
Low
2.1 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:S/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
65.5%