Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MIT Kerberos设计错误漏洞
Vulnerability Description
MIT Kerberos 5 是一种常用的开源Kerberos实现。 MIT Kerberos 5(又名krb5)1.8.x至1.8.3 版本不能阻止RC4密钥推导进行校验。远程认证用户可以通过利用超小密钥空间(由某个单字节流密码操作所导致)伪造(1)AD-SIGNEDPATH或者(2)AD-KDC-ISSUED签名并可能获取特权。
CVSS Information
N/A
Vulnerability Type
N/A