CVE-2010-4021 — Kerberos 5 vulnerability

CWE-16 CWE-2648 documents8 sources

Severity

2.1LOWNVD

EPSS

0.5%

top 35.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Krb5 MIT Kerberos 5

Timeline

PublishedDec 2

Latest updateMay 13

Description

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶Debianmit/krb5< 1.8+dfsg~alpha1-1+3

▶NVDmit/kerberos_51.7

🔴Vulnerability Details

GHSA

GHSA-w2r7-v523-8fwv: The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1↗2022-05-13

▶

CVEList

CVE-2010-4021: The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1↗2010-12-02

▶

OSV

CVE-2010-4021: The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1↗2010-12-02

▶

📋Vendor Advisories

Ubuntu

Kerberos vulnerabilities↗2010-12-09

▶

Red Hat

krb5: KDC may issue unrequested tickets due to KrbFastReq forgery (MITKRB5-SA-2010-007)↗2010-11-30

▶

Debian

CVE-2010-4021: krb5 - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not prop...↗2010

▶

💬Community

Bugzilla

CVE-2010-4021 krb5: KDC may issue unrequested tickets due to KrbFastReq forgery (MITKRB5-SA-2010-007)↗2010-11-02

▶