MIT krb5 clients incorrectly accept an unkeyed checksums
in the SAM-2 preauthentication challenge.
An unauthenticated remote attacker could alter a SAM-2 challenge,
affecting the prompt text seen by the user or the kind of response
sent to the KDC. Under some circumstances, this can negate the
incremental security benefit of using a single-use authentication
mechanism token.
MIT krb5 incorrectly accepts RFC 3961 key-derivation checksums
using RC4 keys when verifying KRB-SAFE messages.
An unauthenticated remote attacker has a 1/256 chance of forging
KRB-SAFE messages in an application protocol if the targeted
pre-existing session uses an RC4 session key. Few application
protocols use KRB-SAFE messages.