Vulnerability details: VCID-25pz-wnpa-aaad
Vulnerability ID VCID-25pz-wnpa-aaad
Aliases CVE-2010-4021
Summary The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."
Status Published
Exploitability 0.5
Weighted Severity 5.5
Risk 2.8
Weaknesses (2)
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
epss 0.00309 https://api.first.org/data/v1/epss?cve=CVE-2010-4021
epss 0.00483 https://api.first.org/data/v1/epss?cve=CVE-2010-4021
epss 0.0144 https://api.first.org/data/v1/epss?cve=CVE-2010-4021
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=648736
cvssv2 2.1 https://nvd.nist.gov/vuln/detail/CVE-2010-4021
Reference id Reference type URL
http://kb.vmware.com/kb/1035108
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://lists.vmware.com/pipermail/security-announce/2011/000133.html
http://osvdb.org/69607
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4021.json
https://api.first.org/data/v1/epss?cve=CVE-2010-4021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4021
http://support.apple.com/kb/HT4581
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2010:246
http://www.securityfocus.com/archive/1/514953/100/0/threaded
http://www.securityfocus.com/archive/1/517739/100/0/threaded
http://www.securityfocus.com/bid/45122
http://www.securitytracker.com/id?1024803
http://www.ubuntu.com/usn/USN-1030-1
http://www.vmware.com/security/advisories/VMSA-2011-0007.html
http://www.vupen.com/english/advisories/2010/3094
http://www.vupen.com/english/advisories/2010/3118
648736 https://bugzilla.redhat.com/show_bug.cgi?id=648736
cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*
CVE-2010-4021 https://nvd.nist.gov/vuln/detail/CVE-2010-4021
GLSA-201201-13 https://security.gentoo.org/glsa/201201-13
USN-1030-1 https://usn.ubuntu.com/1030-1/
No exploits are available.
Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2010-4021
Access Vector (AV): network
Access Complexity (AC): high
Authentication (Au): single
Confidentiality Impact (C): none
Integrity Impact (I): partial
Availability Impact (A): none

Exploit Prediction Scoring System (EPSS)
Percentile 0.70472
EPSS Score 0.00309
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.