Kerberos 4 Valid Username and Realm Disclosure Vulnerability

Kerberos 4 Valid Username and Realm Disclosure Vulnerability

Solution:
Kerberos 4 is obsoleted by Kerberos 5. Kerberos 5 is not vulnerable to this type of attack. Kerberos 5 running in backwards-compatability mode is also not vulnerable. Users are advised to upgrade to Kerberos 5.

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.