MIT Kerberos Development Team Information for VU#684563
MIT Kerberos V5 allows inter-realm user impersonation by malicious realm controllers with shared keys
- Vendor Information Help Date Notified: 20 May 2002
- Statement Date:
- Date Updated: 30 Jan 2003
MIT recommends updating to release 1.2.5 or later, preferably to the latest release. Patches specifically to fix these problems are not available at this time.
The vendor has not provided us with any further information regarding this vulnerability.
The MIT Kerberos Development Team has published MIT krb5 Security Advisory 2003-001 to address this vulnerability. For more information, please see:
If you have feedback, comments, or additional information about this vulnerability, please send us email.