MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol

Darren Reed (OSE) darrenr at
Mon Mar 17 17:51:44 EST 2003

One thing I'm not clear on having read that is how deep the
problem is.  If you're not using krb524d, does that mean you
are not vulnerable if you are using 1.2.7, even if you have
enabled v4 keys as a "supported_enctype" in kdc.conf?


