CVE-2001-1444

2005-04-2104:00:00

mitre

www.cve.org

6.8 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.5%

JSON

The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Kerberos V (Heimdal), does not encrypt authentication and encryption options sent from the server, which allows remote attackers to downgrade authentication and encryption mechanisms via a man-in-the-middle attack.

References

josefsson.org/ktelnet/kerberos-telnet.html

www.kb.cert.org/vuls/id/774587

exchange.xforce.ibmcloud.com/vulnerabilities/10640