CVE-2014-5351
Date: (C)2014-10-10   (M)2023-12-22


The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 2.1
Exploit Score: 3.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1031003
BID-70380
FEDORA-2014-11940
FEDORA-2015-2382
GLSA-201412-53
MDVSA-2014:224
SUSE-SU-2015:0290
USN-2498-1
https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html
http://advisories.mageia.org/MGASA-2014-0477.html
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018
https://bugzilla.redhat.com/show_bug.cgi?id=1145425
https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca
kerberos-cve20145351-sec-bypass(97028)
openSUSE-SU-2015:0255

CWE    1
CWE-255
OVAL    4
oval:org.secpod.oval:def:702410
oval:org.secpod.oval:def:52405
oval:org.secpod.oval:def:108480
oval:org.secpod.oval:def:23235
...

© SecPod Technologies