The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial "kadmind" substring, as demonstrated by a "ka/x" principal.
Published: 2015-02-19T11:59:06.657
Last modified: 2025-04-12T10:46:40.837
Status: Deferred
CVSSv2: 6.1 (MEDIUM)
Vector: AV:N/AC:H/Au:S/C:P/I:P/A:C
Exploitability score: 3.9
Impact score: 8.5
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | mit | kerberos_5 | 1.11 | Yes |
Application | mit | kerberos_5 | 1.11.1 | Yes |
Application | mit | kerberos_5 | 1.11.2 | Yes |
Application | mit | kerberos_5 | 1.11.3 | Yes |
Application | mit | kerberos_5 | 1.11.4 | Yes |
Application | mit | kerberos_5 | 1.11.5 | Yes |
Application | mit | kerberos_5 | 1.12 | Yes |
Application | mit | kerberos_5 | 1.12.1 | Yes |
Application | mit | kerberos_5 | 1.12.2 | Yes |
Application | mit | kerberos_5 | 1.13 | Yes |