MIT Kerberos 4 Multiple Vulnerabilities

Severity: High, Nessus Network Monitor Plugin ID 1163

Synopsis

The remote host is running an inherently insecure protocol or application.

Description

The remote host is running Kerberos 4. It has been demonstrated that the Kerberos 4 protocol has inherent design flaws that make it insecure to use.

Solution

Upgrade to Kerberos 5. If you run Kerberos 5 with Kerberos 4 backward compatibility enabled, make sure you upgrade to version 1.3.

See Also

http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt

Plugin Details

Severity: High

ID: 1163

Family: Generic

Published: 8/20/2004

Updated: 3/6/2019

Nessus ID: 11511

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mit:kerberos

Reference Information

CVE: CVE-2003-0082, CVE-2003-0138, CVE-2003-0139

BID: 7113