CVE Vulnerabilities

CVE-2011-0091

Improper Authentication

Published: Feb 10, 2011 | Modified: Oct 30, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.4 MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka Kerberos Spoofing Vulnerability.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Windows_server_2008 Microsoft r2 r2
Windows_server_2008 Microsoft r2 r2
Windows_7 Microsoft - -

Potential Mitigations

References