There is a serious weakness in MIT's Kerberos v4 authentication protocol that allows an attacker to impersonate any principal in a given realm. The Kerberos development team at MIT said that an unpublished paper detailing this vulnerability has been leaked on the Internet, and that with those details an attacker familiar with Kerberos could readily exploit it.

The weakness is the combined result of several design choices in the v4 ticket format. Kerberos v4 tickets (the credentials a client presents to a service) carry no cryptographic hash of the encrypted data, no random padding and no random initial vector. The encryption is therefore deterministic and unauthenticated, and a chosen-plaintext attack lets an attacker fabricate a ticket.

According to the MIT advisory, the plaintext of a Kerberos ticket always begins with a one-byte flag followed by the client name, so an attacker who can control the client name also knows what the beginning of the plaintext will be. An attacker who gains control of a client principal whose name he has chosen can thereby obtain the encryption of those known plaintext values under the service key.
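The advisory's point is a property of the ticket encryption rather than of any one cipher: with no initial vector and no integrity check, two tickets that share the fixed flag-plus-client-name prefix produce identical ciphertext prefixes under the service key, and nothing detects alteration. The following added example (not code from the advisory or from MIT Kerberos) models that property with a constructed HMAC-based stream cipher in place of the DES mode Kerberos v4 actually used, and contrasts it with a sealed ticket that uses a random IV and an encrypt-then-MAC tag.

```python
import hmac
import hashlib
import os
import struct

# Constructed stream cipher: HMAC-SHA256 in counter mode. This is a stand-in for
# the Kerberos v4 DES mode, chosen only because it needs no third-party library.
def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ticket_plaintext(flag: int, client: bytes, body: bytes) -> bytes:
    # v4-style layout described in the advisory: one-byte flag, then client name.
    return bytes([flag]) + client + b"\x00" + body

def weak_seal(service_key: bytes, pt: bytes) -> bytes:
    # No IV, no padding, no integrity tag: deterministic and malleable.
    return xor(pt, keystream(service_key, b"", len(pt)))

def strong_seal(service_key: bytes, pt: bytes) -> bytes:
    # Random IV plus encrypt-then-MAC; the tag covers IV and ciphertext.
    iv = os.urandom(16)
    ct = xor(pt, keystream(service_key, iv, len(pt)))
    return iv + ct + hmac.new(service_key, iv + ct, hashlib.sha256).digest()

def strong_open(service_key: bytes, blob: bytes):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(service_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None  # any modification of IV or ciphertext is rejected
    return xor(ct, keystream(service_key, iv, len(ct)))

def shared_prefix_len(a: bytes, b: bytes) -> int:
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def demo(service_key: bytes = b"\x01" * 16) -> dict:
    # Two tickets for the same client name: only the body differs (constructed data).
    victim = ticket_plaintext(0, b"admin", b"session-key-and-lifetime")
    chosen = ticket_plaintext(0, b"admin", b"attacker-chosen-body")
    blob = strong_seal(service_key, victim)
    tampered = blob[:16] + bytes([blob[16] ^ 1]) + blob[17:]
    return {
        "weak_leak": shared_prefix_len(weak_seal(service_key, victim), weak_seal(service_key, chosen)),
        "strong_leak": shared_prefix_len(blob, strong_seal(service_key, chosen)),
        "tamper_rejected": strong_open(service_key, tampered) is None,
        "genuine_ok": strong_open(service_key, blob) == victim,
    }
```

`weak_leak` is 7 (flag, `admin`, NUL): the known-plaintext prefix yields a known-ciphertext prefix under the service key, which is exactly what a random IV and an integrity tag remove.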
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.