3 matches found
krb5: kadmind incorrectly validates server principal name (MITKRB5-SA-2015-001)
It was found that the MIT Kerberos administration server kadmind incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal such as "kad/x" could use this flaw to impersonate any user t...
krb5: kadmind incorrectly validates server principal name (MITKRB5-SA-2015-001)
It was found that the MIT Kerberos administration server kadmind incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal such as "kad/x" could use this flaw to impersonate any user t...
UBUNTU-CVE-2014-9422
The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a...