icon

We found results for “

CVE-2010-4021

Good to know:

icon
icon

Date: December 2, 2010

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."

Language: C

Severity Score

Severity Score

Weakness Type (CWE)

Configuration

CWE-16

Permissions, Privileges, and Access Control

CWE-264

Top Fix

icon

Upgrade Version

Upgrade to version kfw-4.0-final,krb5-1.10-alpha1

Learn More

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): HIGH
Authentication (AU): SINGLE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us