« List of all CVEs

CVE-2010-4021

Published: 12/2/2010 Last updated: 8/7/2024 Reserved: 10/20/2010

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (2)

conf-gssapi krb

Products affected (1)

Product	Vendor	Version
n/a	n/a	3.1.0 p2

References (34)