Microsoft Information for VU#602625

KTH Kerberos environment variables krb4proxy and KRBCONFDIR may be used insecurely


Not Affected

Vendor Statement

Windows 2000 does not support Kerb IV. W2K does not provide a kerberized telnetd, nor a Krb4 proxy server - therefore we're not vulnerable to VU#602625.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.