CNNVD-202508-3734 Information
CNNVD ID
CNNVD-202508-3734
Related CVE
-
CNNVD Published: 2025-08-21
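Description (translated from Chinese)
MIT krb5 (MIT Kerberos 5) is a network authentication protocol from the Massachusetts Institute of Technology (MIT) in the United States. It uses a client/server architecture in which the client and the server can each authenticate the other (mutual authentication), and it protects against eavesdropping, replay attacks, and similar threats. MIT krb5 contains a security vulnerability that stems from verify_mic_v3 allowing restrictions to be bypassed, which may lead to an attacker obtaining user privileges.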
Description (English)
MIT krb5 (MIT Kerberos 5) is a network authentication protocol from the Massachusetts Institute of Technology in the United States. It uses a client/server structure and lets the client and the server each authenticate the other (mutual authentication), preventing eavesdropping, replay attacks, etc. There is a security vulnerability in MIT krb5 that stems from the fact that restrictions can be bypassed via verify_mic_v3, which may lead to an attacker obtaining user privileges.
Vulnerability Type
Other
Affected Vendor
Massachusetts Institute of Technology (MIT)
Published
2025-08-21
Last Modified
2026-02-24
References
https://vigilance.fr/vulnerability/MIT-krb5-user-access-via-verify-mic-v3-48042