Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.
| Link | Tags |
|---|---|
| http://support.avaya.com/css/P8/documents/100127250 | |
| http://secunia.com/advisories/43251 | third party advisory vendor advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64900 | vdb entry |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12432 | vdb entry signature |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-013 | vendor advisory |
| http://www.vupen.com/english/advisories/2011/0326 | vdb entry vendor advisory |
| http://osvdb.org/70834 | vdb entry |
| http://www.securitytracker.com/id?1025048 | vdb entry |
| http://www.securityfocus.com/bid/46130 | vdb entry |