Max CVSS | 10.0 | Min CVSS | 3.5 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2018-5730 | 5.5 |
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string w
|
23-05-2024 - 17:53 | 06-03-2018 - 20:29 | |
CVE-2017-7562 | 4.0 |
An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary prin
|
12-02-2023 - 23:31 | 26-07-2018 - 15:29 | |
CVE-2018-20217 | 3.5 |
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U
|
18-10-2021 - 12:03 | 26-12-2018 - 21:29 | |
CVE-2015-8631 | 4.0 |
Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL pr
|
02-02-2021 - 19:15 | 13-02-2016 - 02:59 | |
CVE-2002-2443 | 5.0 |
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a for
|
02-02-2021 - 18:44 | 29-05-2013 - 14:29 | |
CVE-2013-1416 | 4.0 |
The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of s
|
02-02-2021 - 18:40 | 19-04-2013 - 11:44 | |
CVE-2013-1415 | 5.0 |
The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors
|
02-02-2021 - 18:39 | 05-03-2013 - 05:05 | |
CVE-2016-3120 | 4.0 |
The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows r
|
21-01-2020 - 15:47 | 01-08-2016 - 02:59 | |
CVE-2014-9423 | 5.0 |
The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attacker
|
21-01-2020 - 15:46 | 19-02-2015 - 11:59 | |
CVE-2014-9422 | 6.1 |
The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obta
|
21-01-2020 - 15:46 | 19-02-2015 - 11:59 | |
CVE-2014-4345 | 8.5 |
Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authe
|
21-01-2020 - 15:46 | 14-08-2014 - 05:01 | |
CVE-2010-4020 | 3.5 |
MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the smal
|
21-01-2020 - 15:46 | 02-12-2010 - 16:22 | |
CVE-2010-1322 | 6.5 |
The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of s
|
21-01-2020 - 15:46 | 07-10-2010 - 21:00 | |
CVE-2011-1529 | 7.8 |
The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of servic
|
21-01-2020 - 15:46 | 20-10-2011 - 21:55 | |
CVE-2015-2694 | 5.8 |
The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1
|
21-01-2020 - 15:46 | 25-05-2015 - 19:59 | |
CVE-2011-0285 | 10.0 |
The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service
|
21-01-2020 - 15:46 | 15-04-2011 - 00:55 | |
CVE-2012-1015 | 9.3 |
The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for
|
21-01-2020 - 15:46 | 06-08-2012 - 16:55 | |
CVE-2011-0282 | 5.0 |
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted princi
|
21-01-2020 - 15:46 | 10-02-2011 - 18:00 | |
CVE-2011-0284 | 7.6 |
Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (dae
|
21-01-2020 - 15:46 | 20-03-2011 - 02:00 | |
CVE-2011-1530 | 6.8 |
The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted
|
09-10-2018 - 19:31 | 08-12-2011 - 20:55 |