Vulnerability Database

296,733

Total vulnerabilities in the database

CVE-2014-5351

The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.

  • Published: Oct 10, 2014
  • Updated: Apr 13, 2023
  • CVE: CVE-2014-5351
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 2.1
  • AV:N/AC:H/Au:S/C:P/I:N/A:N

CWEs:

Software From Fixed in
mit / kerberos_5 1.12.2 1.12.2.x