CyberSec.Space Logo
Back to CVE Browser

CVE-2001-1444

HIGH
7.5
CVSS Severity Score
EPSS Score0.1980%
EPSS Percentile35.87th
PublishedAug 27, 2001
Last ModifiedApr 16, 2026

Vulnerability Description

The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Kerberos V (Heimdal), does not encrypt authentication and encryption options sent from the server, which allows remote attackers to downgrade authentication and encryption mechanisms via a man-in-the-middle attack.

Affected Platforms (CPE)

πŸ“¦
Kth

Kth Kerberos

= 4
πŸ“¦
Kth

Kth Kerberos

= 5

References & Advisories

πŸ”— http://josefsson.org/ktelnet/kerberos-telnet.html
πŸ”— http://www.kb.cert.org/vuls/id/774587
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/10640
πŸ”— http://josefsson.org/ktelnet/kerberos-telnet.html
πŸ”— http://www.kb.cert.org/vuls/id/774587
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/10640

Related Vulnerabilities

CVE-2002-123510.0

The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1....

CVE-2002-06007.5

Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote malicious servers to execute arbitrary code on the client via...

CVE-2001-00347.2

KTH Kerberos IV allows local users to specify an alternate proxy using the krb4_proxy variable, which allows the user to generate ...

CVE-2001-00357.2

Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV allows remote attackers to cause a denial of service and possi...