7 matches found

SUSE CVE
added 2023/02/15 5:56 a.m., 1 views

SUSE CVE-2010-4020

MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte...

CVSS 6.3, AI score 7, EPSS 0.00535
Exploits 0, References 6

Tenable Nessus
added 2010/12/10 12:0 a.m., 35 views

FreeBSD : krb5 -- RFC 3961 key-derivation checksum handling vulnerability (1d193bba-03f6-11e0-bf50-001a926c7637)

The MIT Kerberos team reports: MIT krb5 releases incorrectly accept RFC 3961 key-derivation checksums using RC4 keys when verifying AD-SIGNEDPATH and AD-KDC-ISSUED authorization data. An authenticated remote attacker that controls a legitimate service principal has a 1/256 chance of forging the...

CVSS 6.3, AI score 6.7, EPSS 0.00535
Exploits 0, References 3

Tenable Nessus
added 2010/12/10 12:0 a.m., 60 views

Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : krb5 vulnerabilities (USN-1030-1)

It was discovered that Kerberos did not properly determine the acceptability of certain checksums. A remote attacker could use certain checksums to alter the prompt message, modify a response to a Key Distribution Center (KDC) or forge a KRB-SAFE message. (CVE-2010-1323) It was discovered that Kerber...

CVSS 6.3, AI score 5.7, EPSS 0.04735
Exploits 0, References 5

OpenVAS
added 2010/12/09 12:0 a.m., 32 views

Mandriva Update for krb5 MDVSA-2010:246 (krb5)

Check for the Version of krb5

CVSS 4.3, AI score 6.4, EPSS 0.04735
Exploits 0, References 2

NVD
added 2010/12/02 4:22 p.m., 17 views

CVE-2010-4020

MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte...

CVSS 6.3, AI score 6.4, EPSS 0.00535
Exploits 0, References 23

Cvelist
added 2010/12/02 4:0 p.m., 22 views

CVE-2010-4020

MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte...

AI score 6.4, EPSS 0.00535
Exploits 0, References 23

RedHat Linux
added 2010/11/30 10:40 p.m., 1 views

krb5: krb5 may accept authdata checksums with low-entropy derived keys (MITKRB5-SA-2010-007)

MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte...

CVSS 6.3, AI score 6.8, EPSS 0.00535
Exploits 0, References 4