Back to search
CVE-2011-0091
Published: Feb 10, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
46140
vdb-entry
x_refsource_BID
70835
vdb-entry
x_refsource_OSVDB
http://support.avaya.com/css/P8/documents/100127250
x_refsource_CONFIRM
43257
third-party-advisory
x_refsource_SECUNIA
ms-kerberos-spoofing(64901)
vdb-entry
x_refsource_XF
MS11-013
vendor-advisory
x_refsource_MS
ADV-2011-0326
vdb-entry
x_refsource_VUPEN
1025048
vdb-entry
x_refsource_SECTRACK
oval:org.mitre.oval:def:12498
vdb-entry
signature
x_refsource_OVAL
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now