QwikSec

Security Database

CVE

CWE

Training

CVE-2010-4021

Published: Dec 2, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_VUPEN

vendor-advisory

x_refsource_MANDRIVA

http://kb.vmware.com/kb/1035108

x_refsource_CONFIRM

vdb-entry

x_refsource_VUPEN

20101130 MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021]

mailing-list

x_refsource_BUGTRAQ

SUSE-SR:2010:023

vendor-advisory

x_refsource_SUSE

vdb-entry

x_refsource_OSVDB

http://www.vmware.com/security/advisories/VMSA-2011-0007.html

x_refsource_CONFIRM

APPLE-SA-2011-03-21-1

vendor-advisory

x_refsource_APPLE

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_SECTRACK

20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console

mailing-list

x_refsource_BUGTRAQ

SUSE-SR:2010:024

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_UBUNTU

http://support.apple.com/kb/HT4581

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.