Vulnerability in Mit Kerberos
CVE-2010-1323
MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a…
Vulnerability class: POODLE (CVE-2014-3566)
EPSS: 0.047 (89.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 3.7 (Low). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N.
Affected products
- Mit Kerberos — versions 5-1.5.4
- Mit Kerberos_5 — versions 1.3.3, 1.6.2, 1.5.1
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- SUSE-SU-2012:0042 (vendor-advisory, x_refsource_SUSE)
- ADV-2010-3094 (vdb-entry, x_refsource_VUPEN)
- cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
- MDVSA-2010:246 (vendor-advisory, x_refsource_MANDRIVA)
- FEDORA-2010-18425 (x_refsource_FEDORA, vendor-advisory)
- 45118 (vdb-entry, x_refsource_BID)
- 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (mailing-list, x_refsource_BUGTRAQ)
- cve@mitre.org (x_refsource_CONFIRM)
- 46397 (x_refsource_SECUNIA, third-party-advisory)
- ADV-2010-3118 (vdb-entry, x_refsource_VUPEN)
Frequently asked questions
- What is CVE-2010-1323?
- CVE-2010-1323 is a low-severity vulnerability in Mit Kerberos, classified under Cryptographic Issues. CVSS score: 3.7/10. Published 2010-12-02.
- How severe is CVE-2010-1323?
- Low severity. CVSS v3 base score is 3.7 out of 10.
- Is CVE-2010-1323 known to be exploited?
- 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.