cbcvebase.
CVE-2010-1323
published 2010-12-02

CVE-2010-1323: MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might…

PriorityP418low3.7CVSS 3.0
AVNACHPRNUINSUCNILAN
EPSS
2.85%
84.9th percentile
MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys.

Affected

34 ranges· showing 25
VendorProductVersion rangeFixed in
debiankrb5< krb5 1.8.3+dfsg-3 (bookworm)krb5 1.8.3+dfsg-3 (bookworm)
mitkerberos
mitkerberos_5
mitkerberos_5
mitkerberos_5
mitkerberos_5
mitkerberos_5
mitkerberos_5
mitkerberos_5
mitkerberos_5
mitkerberos_5
mitkerberos_5
mitkerberos_5
mitkerberos_5
mitkerberos_5
mitkerberos_5
mitkerberos_5
mitkerberos_5
mitkerberos_5
mitkerberos_5
mitkerberos_5
mitkerberos_5
mitkerberos_5
mitkerberos_5
mitkerberos_5

CVSS provenance

nvdv3.03.7LOWCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
nvdv2.02.6LOWAV:N/AC:H/Au:N/C:N/I:P/A:N
osv3.7LOW
vendor_debian3.7LOW
vendor_redhat3.7LOW
vendor_ubuntu3.7LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.