MIT Kerberos Development Team Information for VU#684563

MIT Kerberos V5 allows inter-realm user impersonation by malicious realm controllers with shared keys



Vendor Statement

MIT recommends updating to release 1.2.5 or later, preferably to the latest release. Patches specifically to fix these problems are not available at this time.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The MIT Kerberos Development Team has published MIT krb5 Security Advisory 2003-001 to address this vulnerability. For more information, please see: