CVE-2010-4021
published 2010-12-02

Priority: P4 · 15 · low · 2.1 (CVSS 2.0)
Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N
EPSS: 2.09% (79.3th percentile)

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."

Affected

8 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.8+dfsg~alpha1-1 (bookworm) | krb5 1.8+dfsg~alpha1-1 (bookworm) |
| mit | kerberos_5 | | |
| mit | krb5 | >= 0 < 1.8+dfsg~alpha1-1 | 1.8+dfsg~alpha1-1 |
| mit | krb5 | >= 0 < 1.8+dfsg~alpha1-1 | 1.8+dfsg~alpha1-1 |
| mit | krb5 | >= 0 < 1.8+dfsg~alpha1-1 | 1.8+dfsg~alpha1-1 |
| mit | krb5 | >= 0 < 1.8+dfsg~alpha1-1 | 1.8+dfsg~alpha1-1 |
| vmware | vmware_esxi | | |
| vmware | vmware_workstation | | |

CVSS provenance

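| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 2.1 | LOW | AV:N/AC:H/Au:S/C:N/I:P/A:N |
| osv | | 2.1 | LOW | |
| vendor_ubuntu | | 3.7 | LOW | |
| vendor_debian | | 2.1 | LOW | |
| vendor_redhat | | 2.1 | LOW | |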