3 matches found
CVE-2021-31798
The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files...
RHEL 6 : krb5 (RHSA-2010:0925)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2010:0925 advisory. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a...
krb5: krb5 may accept authdata checksums with low-entropy derived keys (MITKRB5-SA-2010-007)
MIT Kerberos 5 aka krb5 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a 1 AD-SIGNEDPATH or 2 AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte...