Vulnerabilities > CVE-2001-1444 - Remote Security vulnerability in KTH Kerberos 4/5
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Kerberos V (Heimdal), does not encrypt authentication and encryption options sent from the server, which allows remote attackers to downgrade authentication and encryption mechanisms via a man-in-the-middle attack.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |