Several cryptographic vulnerabilities exist in the basic Kerberos Version 4 protocol that could allow an attacker to impersonate any user in a Kerberos realm and gain any privilege authorized through that Kerberos realm.
The MIT Kerberos Development team has discovered a serious cryptographic flaw in the Kerberos version 4 protocol. This flaw could allow an attacker to compromise the entire affected Kerberos realm.
From the MIT advisory:
A number of specific impacts can result because of this vulnerability:
Apply a patch from the vendor
The CERT/CC thanks Sam Hartman, Ken Raeburn, and Tom Yu of the Kerberos group at MIT for their detailed analysis and report of this vulnerability.
|Date First Published:||2003-03-20|
|Date Last Updated:||2003-05-09 19:18 UTC|