Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2003-03-21T05:00:00
Updated: 2024-08-08T01:43:36.020Z
Reserved: 2003-03-13T00:00:00
Link: CVE-2003-0139
Vulnrichment
No data.
NVD
Status : Modified
Published: 2003-03-24T05:00:00.000
Modified: 2018-10-19T15:29:25.930
Link: CVE-2003-0139
Redhat