A Reachable Assertion issue exists in the KDC in MIT Kerberos 5 (aka krb5) prior to 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.
Vulnerable Product |
---|
mit kerberos |
debian debian linux 8.0 |
debian debian linux 9.0 |