CVE-2011-0091

Name of the Vulnerable Software and Affected Versions Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 (affected versions not specified)

Description A spoofing issue exists in Kerberos implementations, allowing man-in-the-middle attackers to downgrade the encryption from strong encryption to DES, potentially spoofing network traffic and obtaining sensitive information. This occurs because Kerberos authentication can be downgraded to use DES instead of the default stronger encryption standards.

Recommendations For Windows Server 2008 R2 and Windows 7, consider configuring Kerberos to prevent the use of DES encryption as a temporary workaround until a patch is available. Restrict access to sensitive information and network resources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.