<p>A security feature bypass vulnerability exists in the way the Key Distribution Center (KDC) determines whether a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD).</p>
<p>To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation and force the KDC to accept it for delegation.</p>
<p>The update addresses this vulnerability by changing how the KDC validates service tickets used with KCD.</p>
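The three sentences above compress the whole mechanism. The Python model below is an added example, not code from Microsoft, Samba or NVD. It keeps the two facts that matter: the ticket flags that the KDC consults during an S4U2Proxy (KCD) request, including the forwardable flag, live in the part of the ticket that is encrypted under the target service's own key, so a compromised service can decrypt, edit and re-encrypt them; and the fix gives the KDC a check keyed under the krbtgt key, which the service does not hold. A toy SHA-256 keystream, HMAC and JSON stand in for the Kerberos encryption types, the KDC ticket signature and ASN.1; the SPNs, the user "alice" (modelled as an account whose tickets are issued non-forwardable) and the `KDC` class are constructed for this example only.

```python
import hashlib
import hmac
import json
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy stream cipher standing in for a Kerberos encryption type (example only).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under one key, as the EncTicketPart is under the service key."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ticket integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def _canonical(body: dict) -> bytes:
    # Fields covered by the KDC-keyed signature; the signature itself is excluded.
    return json.dumps({k: body[k] for k in ("cname", "sname", "flags")}, sort_keys=True).encode()


class KDC:
    def __init__(self, sign_tickets: bool):
        self.sign_tickets = sign_tickets            # False models the pre-update KDC
        self.krbtgt_key = secrets.token_bytes(32)   # never leaves the KDC
        self.service_keys: dict[str, bytes] = {}
        self.allowed_to_delegate_to: dict[str, set] = {}

    def register_service(self, spn: str, delegate_to: set = frozenset()) -> bytes:
        self.service_keys[spn] = secrets.token_bytes(32)
        self.allowed_to_delegate_to[spn] = set(delegate_to)   # the KCD target list
        return self.service_keys[spn]                         # the service holds its own key

    def issue_ticket(self, cname: str, sname: str, forwardable: bool) -> bytes:
        body = {"cname": cname, "sname": sname, "flags": ["forwardable"] if forwardable else []}
        if self.sign_tickets:
            body["kdc_sig"] = hmac.new(self.krbtgt_key, _canonical(body), hashlib.sha256).hexdigest()
        return seal(self.service_keys[sname], json.dumps(body, sort_keys=True).encode())

    def s4u2proxy(self, requester: str, evidence_ticket: bytes, target: str) -> str:
        """KCD request: requester presents the user's ticket to itself, asks for one to target."""
        body = json.loads(unseal(self.service_keys[requester], evidence_ticket))
        if body["sname"] != requester:
            return "rejected: evidence ticket is not for the requesting service"
        if self.sign_tickets:
            expected = hmac.new(self.krbtgt_key, _canonical(body), hashlib.sha256).hexdigest()
            if not hmac.compare_digest(body.get("kdc_sig", ""), expected):
                return "rejected: KDC ticket signature invalid"
        if "forwardable" not in body["flags"]:
            return "rejected: ticket not valid for delegation"
        if target not in self.allowed_to_delegate_to[requester]:
            return "rejected: target not in the requester's delegation list"
        return f"ok: ticket for {body['cname']} to {target}"


def tamper_forwardable(service_key: bytes, ticket: bytes) -> bytes:
    """What a compromised KCD service can do: it holds its own key, so it can decrypt,
    set the flag and re-encrypt; it cannot recompute kdc_sig without the krbtgt key."""
    body = json.loads(unseal(service_key, ticket))
    body["flags"] = sorted(set(body["flags"]) | {"forwardable"})
    return seal(service_key, json.dumps(body, sort_keys=True).encode())


def run_scenario(sign_tickets: bool) -> dict:
    kdc = KDC(sign_tickets)
    web_key = kdc.register_service("http/web", {"cifs/files"})
    kdc.register_service("cifs/files")
    # alice's ticket to http/web is issued without the forwardable flag (constructed input).
    honest = kdc.issue_ticket("alice", "http/web", forwardable=False)
    forged = tamper_forwardable(web_key, honest)
    return {
        "untampered": kdc.s4u2proxy("http/web", honest, "cifs/files"),
        "tampered": kdc.s4u2proxy("http/web", forged, "cifs/files"),
    }


if __name__ == "__main__":
    for mode in (False, True):
        print("signed tickets" if mode else "pre-update KDC", run_scenario(mode))
```

The pre-update KDC rejects the honest non-forwardable ticket but accepts the re-encrypted one, because every check it runs is against data the requesting service could rewrite. With the KDC-keyed signature, the same edit fails the signature check before the flag is even consulted. The design point carries over to any protocol: integrity of data that constrains a party must rest on a key that party does not possess.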
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2021/11/10/3 | Mailing List, Third Party Advisory |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17049 | Patch, Vendor Advisory |
https://security.gentoo.org/glsa/202309-06 | |
History
31 Dec 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : 9.0 v3 : 6.6 |
Summary | (en) <p>A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD).</p> <p>To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation to force the KDC to accept it.</p> <p>The update addresses this vulnerability by changing how the KDC validates service tickets used with KCD.</p> |
17 Sep 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
29 Aug 2022, 20:11
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* | |
First Time | Samba, Samba samba | |
CWE | CWE-863 | |
30 Nov 2021, 22:22
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/11/10/3 - Mailing List, Third Party Advisory |
10 Nov 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
References | | |
Information
Published : 2020-11-11 07:15
Updated : 2023-12-31 19:15
NVD link : CVE-2020-17049
Mitre link : CVE-2020-17049
CVE.ORG link : CVE-2020-17049
Products Affected
microsoft
- windows_server_2016
- windows_server_2012
- windows_server_2019
samba
- samba
CWE
CWE-863
Incorrect Authorization