5 matches found
SUSE CVE-2010-4020
MIT Kerberos 5 aka krb5 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a 1 AD-SIGNEDPATH or 2 AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte...
FreeBSD : krb5 -- multiple checksum handling vulnerabilities (0d57c1d9-03f4-11e0-bf50-001a926c7637)
The MIT Kerberos team reports : MIT krb incorrectly accepts an unkeyed checksum with DES session keys for version 2 RFC 4121 of the GSS-API krb5 mechanism. An unauthenticated remote attacker can forge GSS tokens that are intended to be integrity-protected but unencrypted, if the targeted...
CVE-2010-4020
MIT Kerberos 5 aka krb5 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a 1 AD-SIGNEDPATH or 2 AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte...
CVE-2010-4020
MIT Kerberos 5 aka krb5 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a 1 AD-SIGNEDPATH or 2 AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte...
CVE-2010-4020
MIT Kerberos 5 aka krb5 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a 1 AD-SIGNEDPATH or 2 AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte...