CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS
Percentile
99.1%
Two vulnerabilities in krb5 can be used by remote
attackers in denial of service attacks. The MIT security
advisories report this as follows:
An unauthenticated remote attacker can send an invalid
request to a KDC process that will cause it to crash
due to an assertion failure, creating a denial of
service.
An unauthenticated remote attacker could cause a GSS-API
application, including the Kerberos administration
daemon (kadmind) to crash.