1. Home
  2. CVE Database
  3. CVE-2010-1324
LOW · 3.7

CVE-2010-1324

MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have uns...

Vulnerability Description

MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.

CVSS Score

3.7

LOW

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
MitKerberos 51.7

Related Weaknesses (CWE)

CWE-310

References

FAQ

What is CVE-2010-1324?

CVE-2010-1324 is a vulnerability with a CVSS score of 3.7 (LOW). MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have uns...

How severe is CVE-2010-1324?

CVE-2010-1324 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-1324?

Check the references section above for vendor advisories and patch information. Affected products include: Mit Kerberos 5.