CVE-2001-1443Kerberos vulnerability

3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
1.1%
top 22.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
KTH Kerberos
Timeline
PublishedAug 27
Latest updateApr 30

Description

KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not encrypt connections if the server does not support the requested encryption, which allows remote attackers to read communications via a man-in-the-middle attack.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDkth/kth_kerberos4, 5+1

🔴Vulnerability Details

2
GHSA
GHSA-6xrh-w9h2-9wj3: KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not encrypt connections if the server does not support the requested encryption, which2022-04-30
CVEList
CVE-2001-1443: KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not encrypt connections if the server does not support the requested encryption, which2005-04-21
CVE-2001-1443 — KTH Kerberos vulnerability | cvebase