CVE-2010-4020

Name of the Vulnerable Software and Affected Versions MIT Kerberos 5 (aka krb5) versions 1.8.x through 1.8.3 MIT Kerberos 5 (aka krb5) versions prior to 1.9.2-r1

Description The issue allows remote authenticated users to potentially forge signatures, such as AD-SIGNEDPATH or AD-KDC-ISSUED, and possibly gain privileges by leveraging the small key space resulting from certain one-byte stream-cipher operations. This could lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be done remotely.

Recommendations For versions 1.8.x through 1.8.3, update to a version later than 1.8.3 to resolve the issue. For versions prior to 1.9.2-r1, update to version 1.9.2-r1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive operations that rely on the affected signature mechanisms until a patch is available.