This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
The MIT Kerberos team reports :
MIT krb5 incorrectly accepts an unkeyed checksum with DES session keys
for version 2 (RFC 4121) of the GSS-API krb5 mechanism.
An unauthenticated remote attacker can forge GSS tokens that are
intended to be integrity-protected but unencrypted, if the targeted
pre-existing application session uses a DES session key.
MIT krb5 KDC incorrectly accepts RFC 3961 key-derivation checksums
using RC4 keys when verifying the req-checksum in a KrbFastArmoredReq.
An unauthenticated remote attacker has a 1/256 chance of swapping a
client-issued KrbFastReq into a different KDC-REQ, if the armor key is
RC4. The consequences are believed to be minor.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.2
Public Exploit Available : false