CVE-2018-20217

ANC

Medium

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket u…

CVSS

5.3

Medium

EPSS

0.02

p71

Published

2018-01-01

Updated

2018-01-01

Description

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.

Tags · CWE

CWE-617

Affected products

Debian_linux

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Timeline

2018-01-01

Published

2018-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: H

High (H)

Privileges Required

PR: L

Low (L)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: N

None (N)

Integrity Impact

I: N

None (N)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.015 · p71

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Группа Астра (РусБИТех)

Krb5

Mit

Kerberos 5 Kerberos Krb5

Product	Vendor	Status
		Tracked
		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
krb5		Tracked
debian_linux	*	Tracked
kerberos	*	Tracked

Source databases

ANC

AST

DEB

CVE

RED

UBU

Related vulnerabilities

BDU:2026-01432