Description
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
References (15)
Scores
CVSS v3
5.9
EPSS
0.0023
EPSS Percentile
45.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-328
Status
published
Products (18)
Red Hat/Red Hat Discovery 2
sha256:c499a099e03c7488ffe50529a34723ade191a89fcfc59d1f0edd01db2b579ca3
Red Hat/Red Hat Enterprise Linux 10
0:1.21.3-8.el10_0
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
0:1.18.2-32.el8_10
Red Hat/Red Hat Enterprise Linux 8.2 Advanced Update Support
0:1.17-19.el8_2.3
Red Hat/Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
0:1.18.2-9.el8_4.3
Red Hat/Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
0:1.18.2-9.el8_4.3
Red Hat/Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
0:1.18.2-16.el8_6.4
Red Hat/Red Hat Enterprise Linux 8.6 Telecommunications Update Service
0:1.18.2-16.el8_6.4
... and 8 more
Published
Apr 15, 2025
Tracked Since
Feb 18, 2026