Kerberos 4 Valid Username and Realm Disclosure Vulnerability
BID:2351
Info
Kerberos 4 Valid Username and Realm Disclosure Vulnerability
| Bugtraq ID: | 2351 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 22 1996 12:00AM |
| Updated: | Nov 22 1996 12:00AM |
| Credit: | Discovered by mudge of the L0pht (now @stake) and published in an advisory on Nov 22, 1996. |
| Vulnerable: |
MIT Kerberos 4 4.0 |
| Not Vulnerable: | |
Discussion
Exploit / POC
Kerberos 4 Valid Username and Realm Disclosure Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Kerberos 4 Valid Username and Realm Disclosure Vulnerability
Solution:
Kerberos 4 is obsoleted by Kerberos 5. Kerberos 5 is not vulnerable to this type of attack. Kerberos 5 running in backwards-compatability mode is also not vulnerable. Users are advised to upgrade to Kerberos 5.
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Kerberos 4 is obsoleted by Kerberos 5. Kerberos 5 is not vulnerable to this type of attack. Kerberos 5 running in backwards-compatability mode is also not vulnerable. Users are advised to upgrade to Kerberos 5.
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.