Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2003-0138
HistoryMar 24, 2003 - 5:00 a.m.

CVE-2003-0138

2003-03-2405:00:00
mitre
web.nvd.nist.gov
41
kerberos
protocol
impersonation
chosen-plaintext attack
nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.2

Confidence

High

EPSS

0.026

Percentile

90.4%

JSON

Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.

Affected configurations

Nvd
Node
mitkerberosMatch4
VendorProductVersionCPE
mitkerberos4cpe:2.3:a:mit:kerberos:4:*:*:*:*:*:*:*

Related

openvas 8
debian 8
nessus 7
cvelist 1
nvd 2
debiancve 1
cert 1
cve 1
osv 1
redhat 1
openvas
openvas
Debian Security Advisory DSA 273-1 (krb4)
2008-01-17 00:00:00
Debian Security Advisory DSA 269-1 (heimdal)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-269)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA 269-2] New heimdal packages fix authentication failure
2003-04-09 15:56:36
[SECURITY] [DSA 269-1] New heimdal packages fix authentication failure
2003-03-26 12:01:13
[SECURITY] [DSA 273-1] New krb4 packages fix authentication failure
2003-03-28 12:12:01
nessus
nessus
Kerberos 4 Realm Principle Impersonation
2003-04-03 00:00:00
Debian DSA-269-1 : heimdal - Cryptographic weakness
2004-09-29 00:00:00
Debian DSA-273-1 : krb4 - Cryptographic weakness
2004-09-29 00:00:00
cvelist
cvelist
CVE-2003-0138
2003-03-21 05:00:00
nvd
nvd
CVE-2003-0138
2003-03-24 05:00:00
CVE-2003-0157
2003-03-24 05:00:00
debiancve
debiancve
CVE-2003-0138
2003-03-24 05:00:00
cert
cert
Cryptographic weakness in Kerberos Version 4 protocol
2003-03-20 00:00:00
cve
cve
CVE-2003-0157
2003-03-24 05:00:00
osv
osv
krb5 - several vulnerabilities
2003-03-24 00:00:00
redhat
redhat
(RHSA-2003:052) krb5 security update
2003-03-27 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.2

Confidence

High

EPSS

0.026

Percentile

90.4%

JSON
Related for CVE-2003-0138
openvas8debian8nessus7cvelist1nvd2debiancve1cert1cve1osv1redhat1