CVE-2010-1323

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2010-1323

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2010-1323.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2010-1323

Downstream

DEBIAN-CVE-2010-1323

DSA-2129-1

RHSA-2010:0925

RHSA-2010:0926

openSUSE-SU-2024:10004-1

Related

openSUSE-SU-2024:10004-1

Published

2010-12-02T16:22:20Z

Modified

2025-08-09T20:01:27Z

Severity

3.7 (Low) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys.

References

Affected packages