MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol
hartmans at MIT.EDU
Mon Mar 17 18:27:48 EST 2003
>>>>> "Darren" == Darren Reed (OSE) <darrenr at optimation.com.au> writes:
Darren> One thing I'm not clear on having read that is how deep
Darren> the problem is. If you're not using krb524d, does that
Darren> mean you are not vulnerable if you are using 1.2.7, even
Darren> if you have enabled v4 keys as a "supported_enctype" in
Darren> kdc.conf ?
Enabling v4 keys in kdc.conf does not matter. The question is whether
KDC support for v4 is on. If you run with -4 none or -4 disabled on
the command line and do not run krb524d you are not vulnerable.
More information about the krbdev