Back to search
CVE-2001-1444
Published: Apr 21, 2005
Modified: Aug 8, 2024
PUBLISHED
Description
The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Kerberos V (Heimdal), does not encrypt authentication and encryption options sent from the server, which allows remote attackers to downgrade authentication and encryption mechanisms via a man-in-the-middle attack.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://josefsson.org/ktelnet/kerberos-telnet.html
x_refsource_MISC
kth-kerberos-unencrypted-connection(10640)
vdb-entry
x_refsource_XF
VU#774587
third-party-advisory
x_refsource_CERT-VN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now