Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.11511
Category:General
Title:Kerberos IV cryptographic weaknesses
Summary:NOSUMMARY
Description:Description:

The remote host is running Kerberos IV.

It has been demonstrated that the Kerberos IV protocol has inherent
design flaws that make it insecure to use.


See also : http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt

Solution : Use kerberos 5 instead. If you run Kerberos 5 with kerberos IV backward
compatibility, make sure you upgrade to version 1.3

Risk factor : High

Cross-Ref: BugTraq ID: 7113
Common Vulnerability Exposure (CVE) ID: CVE-2003-0138
http://www.securityfocus.com/bid/7113
Bugtraq: 20030317 MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol (Google Search)
http://marc.info/?l=bugtraq&m=104791775804776&w=2
Bugtraq: 20030331 GLSA: krb5 & mit-krb5 (200303-28) (Google Search)
http://www.securityfocus.com/archive/1/316960/30/25250/threaded
CERT/CC vulnerability note: VU#623217
http://www.kb.cert.org/vuls/id/623217
Debian Security Information: DSA-266 (Google Search)
http://www.debian.org/security/2003/dsa-266
Debian Security Information: DSA-269 (Google Search)
http://www.debian.org/security/2003/dsa-269
Debian Security Information: DSA-273 (Google Search)
http://www.debian.org/security/2003/dsa-273
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A248
http://www.redhat.com/support/errata/RHSA-2003-051.html
http://www.redhat.com/support/errata/RHSA-2003-052.html
http://www.redhat.com/support/errata/RHSA-2003-091.html
CopyrightThis script is Copyright (C) 2004 Tenable Network Security

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.