Andrej Ota

**Name of the Vulnerable Software and Affected Versions** MIT Kerberos 5 versions 1.9 through 1.9.1 MIT Kerberos 5 versions prior to 1.9.2 **Description** The issue allows remote attackers to cause a denial of service, potentially leading to a disruption in confidentiality, integrity, and availability of protected information. This can be achieved through a kinit operation with incorrect string case for the realm. The functions `is principal in realm`, `krb5 set error message`, `krb5 ldap get principal`, and `process as req` are related to this issue. **Recommendations** For versions 1.9 through 1.9.1, update to version 1.9.2 or later to resolve the issue. For versions prior to 1.9.2, update to version 1.9.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the kdb ldap plugin in the Key Distribution Center (KDC) until a patch is available.