Vulnerability DatabaseCVE-2014-5351
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2014-5351
October 10, 2014
The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.
Related Resources (17)
https://exchange.xforce.ibmcloud.com/vulnerabilities/97028
http://security.gentoo.org/glsa/glsa-201412-53.xml
https://security-tracker.debian.org/tracker/CVE-2014-5351
https://access.redhat.com/security/cve/CVE-2014-5351
http://www.ubuntu.com/usn/USN-2498-1
http://www.securityfocus.com/bid/70380
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html
https://bugzilla.redhat.com/show_bug.cgi?id=1145425
http://www.securitytracker.com/id/1031003
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html
https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018
http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html
https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html
http://www.mandriva.com/security/advisories?name=MDVSA-2014:224
http://advisories.mageia.org/MGASA-2014-0477.html
Do you need more information?
Contact Us
CVSS v4
Base Score:
2.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
3.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE
CVSS v2
Base Score:
2.1
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
EPSS
Base Score:
0.35