ID CVE-2014-5351
Summary The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.
References
Vulnerable Configurations
  • cpe:2.3:a:mit:kerberos_5:1.12.2:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 21-01-2020 - 15:46)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
  • Vector: NETWORK
  • Complexity: HIGH
  • Authentication: SINGLE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
cvss-vector via4 AV:N/AC:H/Au:S/C:P/I:N/A:N
refmap via4
bid 70380
confirm
fedora
  • FEDORA-2014-11940
  • FEDORA-2015-2382
gentoo GLSA-201412-53
mandriva MDVSA-2014:224
mlist [debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update
sectrack 1031003
suse
  • SUSE-SU-2015:0290
  • openSUSE-SU-2015:0255
ubuntu USN-2498-1
xf kerberos-cve20145351-sec-bypass(97028)
Last major update 21-01-2020 - 15:46
Published 10-10-2014 - 01:55
Last modified 21-01-2020 - 15:46