Vulnerability Exposes F5 BIG-IP to Kerberos KDC Hijacking Attacks
A high-severity vulnerability, CVE-2021-23008, allows Active Directory authentication to be bypassed if the attacker can hijack a Kerberos Key Distribution Center (KDC) connection. The bypass works either with a spoofed Kerberos Authentication Service Response (AS-REP) or from a compromised AD server.
For the protocol to be secure, the user and the KDC must authenticate to the server, and the server must authenticate to the client. If the server is compromised, the attacker can bypass authentication and hijack the connection between the domain controller and the client. BIG-IP APM versions 11.5.2 through 16.0.1 are vulnerable. Fixes have been released in versions 12.1.6, 13.1.4, 14.1.4 and 15.1.3; the other vulnerable versions remain unpatched.
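The following toy model, added here as an illustration and not code from F5 or from the original article, shows why a client that trusts the KDC solely because the AS-REP decrypts with the key derived from the supplied password can be fooled by a spoofed KDC, and how the standard Kerberos countermeasure (requesting a service ticket for the client's own service principal and verifying it with the service's keytab, which only the real KDC can produce) closes the gap. The "encryption" is a constructed HMAC-based stand-in rather than a real Kerberos encryption type, and the service principal name, passwords and keytab value are all constructed placeholders; that this is the mechanism F5's fix uses is an assumption, not something the article states.

```python
"""Toy model of Kerberos KDC spoofing and the service-ticket check that defeats it.

Constructed example: the 'seal' operation is an HMAC tag that only proves
possession of a key, standing in for real Kerberos encryption types.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional


def derive_key(secret: str) -> bytes:
    # Stand-in for the Kerberos string-to-key function (real KDCs use salted AES keys)
    return hashlib.sha256(secret.encode()).digest()


def seal(key: bytes, payload: bytes) -> bytes:
    # Toy "encryption": HMAC tag prepended to the payload; unseal() fails unless
    # the verifier holds the same key, which is all this demonstration needs
    return hmac.new(key, payload, hashlib.sha256).digest() + payload


def unseal(key: bytes, blob: bytes) -> Optional[bytes]:
    tag, payload = blob[:32], blob[32:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None


class LegitimateKDC:
    """Real domain controller: knows every user's key and every service keytab."""

    def __init__(self, users: Dict[str, str], services: Dict[str, bytes]):
        self.user_keys = {u: derive_key(p) for u, p in users.items()}
        self.service_keys = services

    def as_exchange(self, user: str) -> Optional[bytes]:
        # AS-REP: a fresh session key sealed under the user's long-term key
        if user not in self.user_keys:
            return None
        return seal(self.user_keys[user], b"session:" + os.urandom(8))

    def tgs_exchange(self, user: str, service: str) -> Optional[bytes]:
        # TGS-REP: a service ticket sealed under the service's keytab key
        if user not in self.user_keys or service not in self.service_keys:
            return None
        return seal(self.service_keys[service], b"ticket:" + user.encode())


class SpoofedKDC:
    """Attacker-controlled responder: knows the password typed at the client
    (the attacker chose it) but never holds the real service keytab."""

    def __init__(self, attacker_password: str):
        self.key = derive_key(attacker_password)

    def as_exchange(self, user: str) -> bytes:
        # Looks like a valid AS-REP to a client that only checks decryptability
        return seal(self.key, b"session:" + os.urandom(8))

    def tgs_exchange(self, user: str, service: str) -> bytes:
        # Cannot seal under the real keytab; the best it can do is a random key
        return seal(os.urandom(32), b"ticket:" + user.encode())


def login_as_rep_only(kdc, user: str, password: str) -> bool:
    """Vulnerable pattern: accept the login if the AS-REP decrypts with the
    key derived from the password the user supplied."""
    rep = kdc.as_exchange(user)
    return rep is not None and unseal(derive_key(password), rep) is not None


def login_with_service_ticket(kdc, user: str, password: str,
                              service: str, keytab_key: bytes) -> bool:
    """Hardened pattern: after the AS exchange, request a ticket for our own
    service principal and verify it with the keytab only the real KDC shares."""
    if not login_as_rep_only(kdc, user, password):
        return False
    ticket = kdc.tgs_exchange(user, service)
    return ticket is not None and unseal(keytab_key, ticket) is not None


SERVICE = "HTTP/apm.example.test"          # constructed service principal name
KEYTAB = derive_key("constructed-keytab")  # constructed keytab secret


def run_demo() -> Dict[str, bool]:
    """Exercise both login patterns against the real and the spoofed KDC."""
    real = LegitimateKDC({"alice": "correct-password"}, {SERVICE: KEYTAB})
    spoof = SpoofedKDC("attacker-chosen")
    return {
        "real_kdc_as_only": login_as_rep_only(real, "alice", "correct-password"),
        "real_kdc_wrong_password": login_as_rep_only(real, "alice", "wrong"),
        "spoofed_kdc_as_only": login_as_rep_only(spoof, "alice", "attacker-chosen"),
        "real_kdc_ticket_check": login_with_service_ticket(
            real, "alice", "correct-password", SERVICE, KEYTAB),
        "spoofed_kdc_ticket_check": login_with_service_ticket(
            spoof, "alice", "attacker-chosen", SERVICE, KEYTAB),
    }


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name:28s} -> {'ACCEPTED' if ok else 'REJECTED'}")
```

The line to watch is `spoofed_kdc_as_only`: the AS-REP-only check accepts the attacker's login against a KDC that never held the user's real key, because the only key being tested is the one derived from a password the attacker supplied. The service-ticket check rejects the same session, since the spoofed responder cannot seal a ticket under the keytab the client holds. On a real deployment the equivalent control is to configure the authenticating service with a keytab and require KDC validation rather than accepting the AS exchange alone.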