CVE-2010-4020

Published: 02 December 2010

MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.

Priority

Medium

CVSS 3 base score: 6.3

Status

Package Release Status
krb5
Launchpad, Ubuntu, Debian
Upstream Needs triage