Slashdot Mirror


MIT Warns of Critical Vulnerabilities in Kerberos 5

kinrowan writes "MIT, inventor of Kerberos, has announced a pair of vulnerabilities in the software that will allow an attacker to either execute a DoS attack or execute code on the machine. Some details of the story are at SearchSecurity as well as ComputerWeekly. Details of the advisories themselves are also available. The vulnerabilities also affect the VPN 3000 line of Cisco VPN concentrators."

2 of 100 comments

  1. How about in 2K and XP by newandyh-r · Score: 3, Interesting

    Microsoft's directory service has "embraced and extended" Kerberos ... does it also have this vulnerability?

  2. Wonder if Windows Kerberos will be affected? by caluml · Score: 4, Interesting

    It would be interesting if the Windows implementation of Kerberos used in AD was vulnerable too. Apart from MIT and Windows, who uses Kerberos nowadays? Don't SSH and public-key-based authentication pretty much make the whole thing irrelevant?