« List of all CVEs

CVE-2014-5351

Published: 10/10/2014 Last updated: 8/6/2024 Reserved: 8/19/2014

The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (2)

conf-gssapi krb

Products affected (1)

Product	Vendor	Version
n/a	n/a	<= 6.6.*

References (30)