CyberNews Briefs

Vulnerability Exposes F5 BIG-IP to Kerberos KDC Hijacking Attacks

A high-severity vulnerability, CVE-2021-23008, allows the bypass of Active Directory authentication if the attacker can hijack a Kerberos Key Distribution Center connection. The attacker uses a spoofed Kerberos Authentication Service Response, or authentication bypass is possible from a compromised AD server. 

In order for the protocol to work, the user and KDS authenticate to the server and the server authenticates to the client. If the server is compromised, the attacker can bypass authentication and hijack the connection between the domain controller and the client. BIG-IP APM versions 11.5.2 through 16.0.1 are vulnerable. Fixes for versions 12.1.6, 13.1.4, 14.1.4 and 15.1.3 have been created, but not the other vulnerable versions.

Read more: Vulnerability Exposes F5 BIG-IP to Kerberos KDC Hijacking Attacks

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.