Kerberos 4 4.05 5.0 - KDC Spoofing

2000-08-28T00:00:00
ID EXPLOITPACK:9AA9847B81F1934E57D6B528E1A8F8E3
Type exploitpack
Reporter Dug Song
Modified 2000-08-28T00:00:00

Description

source: https://www.securityfocus.com/bid/1616/info

Kerberos is a cryptographic authentication protocol that lets users of a network access services without transmitting cleartext passwords. A common implementation of the protocol includes a login service that is vulnerable to an attack in which responses from the Key Distribution Center (KDC) are spoofed.

The login service authenticates a user by first requesting a ticket-granting ticket (TGT) from the authentication server. If the TGT can be decrypted with the password supplied by the user, the login service then attempts to verify the identity of the KDC: it presents the received TGT and requests a service ticket for itself. The service ticket returned by the KDC is encrypted with a secret shared between the KDC and the service host, so if the service ticket cannot be verified with the service's secret key, the KDC is assumed not to be authentic.

If, however, the login service has not been registered as a principal with the KDC, or the service's secret key has not been installed on the host, the login service proceeds without any verification that the TGT was returned by the authentic KDC. In these circumstances it is possible to log into the server illicitly if an attacker can spoof responses from the KDC.
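The verification step the description hinges on is easy to see in a small simulation. The following is an added example written for this page; it is not code from the advisory or from any Kerberos implementation. It models "encrypted under a shared key" with an HMAC tag (a ticket "decrypts" if the tag verifies under the key held), and the names GenuineKDC, SpoofedKDC, login and scenarios, the realm users and the service principal host/login.example are all constructed for the illustration. The point it demonstrates is the defensive one: a login host that has an installed service key rejects tickets from a spoofed KDC, and a host with no registered principal (service_key is None) accepts them.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

# Toy stand-in for "encrypt under a shared key": the ticket body carries an HMAC tag,
# and "decrypting successfully" means the tag verifies under the key we hold.
# This models only the property the advisory relies on (a ticket can be checked
# with a key), not the real Kerberos 4/5 message formats.


def derive_key(secret: str) -> bytes:
    """Derive a fixed-length key from a password or an installed service secret."""
    return hashlib.sha256(secret.encode()).digest()


@dataclass(frozen=True)
class Ticket:
    body: bytes
    tag: bytes


def seal(key: bytes, body: bytes) -> Ticket:
    """'Encrypt' a ticket body under key (toy: attach an HMAC tag)."""
    return Ticket(body, hmac.new(key, body, hashlib.sha256).digest())


def opens_with(key: bytes, ticket: Ticket) -> bool:
    """'Decrypt' succeeds only if the ticket was sealed under this key."""
    expected = hmac.new(key, ticket.body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, ticket.tag)


class GenuineKDC:
    """The realm's real KDC: holds every user key and every service key (constructed)."""

    def __init__(self, user_keys: dict, service_keys: dict):
        self.user_keys = user_keys
        self.service_keys = service_keys

    def get_tgt(self, user: str) -> Ticket:
        return seal(self.user_keys[user], b"TGT for " + user.encode())

    def get_service_ticket(self, tgt: Ticket, service: str) -> Ticket:
        # A real KDC would first validate the TGT under its own key; elided here.
        return seal(self.service_keys[service], b"service ticket for " + service.encode())


class SpoofedKDC:
    """Models spoofed KDC responses as described in the advisory: the responder chose the
    password the TGT is sealed under, but does not hold the login host's service key."""

    def __init__(self, chosen_password: str):
        self.tgt_key = derive_key(chosen_password)

    def get_tgt(self, user: str) -> Ticket:
        return seal(self.tgt_key, b"TGT for " + user.encode())

    def get_service_ticket(self, tgt: Ticket, service: str) -> Ticket:
        # Without the host's secret no response can verify; a random key yields garbage.
        return seal(os.urandom(32), b"service ticket for " + service.encode())


def login(kdc, user: str, password: str, service: str, service_key: Optional[bytes]) -> str:
    """The login service's decision logic from the advisory. service_key is the host's
    installed secret (srvtab/keytab); None models a host never registered as a principal."""
    tgt = kdc.get_tgt(user)
    if not opens_with(derive_key(password), tgt):
        return "denied: TGT does not decrypt with supplied password"
    if service_key is None:
        # Vulnerable branch: nothing to check the KDC against, so it is trusted blindly.
        return "granted (KDC unverified)"
    service_ticket = kdc.get_service_ticket(tgt, service)
    if not opens_with(service_key, service_ticket):
        return "denied: service ticket not verifiable, KDC not authentic"
    return "granted (KDC verified)"


# --- constructed sample realm ---
HOST_KEY = derive_key("installed host secret")
REAL_KDC = GenuineKDC(
    user_keys={"alice": derive_key("alice-real-password")},
    service_keys={"host/login.example": HOST_KEY},
)
SPOOFED_KDC = SpoofedKDC(chosen_password="anything")


def scenarios() -> dict:
    """Run the four cases that matter: genuine KDC with right/wrong password,
    and spoofed responses against a host with and without an installed service key."""
    svc = "host/login.example"
    return {
        "legit_verified": login(REAL_KDC, "alice", "alice-real-password", svc, HOST_KEY),
        "legit_wrong_password": login(REAL_KDC, "alice", "wrong", svc, HOST_KEY),
        "spoofed_no_srvtab": login(SPOOFED_KDC, "alice", "anything", svc, None),
        "spoofed_with_srvtab": login(SPOOFED_KDC, "alice", "anything", svc, HOST_KEY),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:22s} -> {result}")
```

The two spoofed cases differ only in whether the host holds its own service key. That is the mitigation the description implies: register the login host as a principal and install its secret, so the service-ticket check actually runs and a KDC that cannot produce a ticket under that secret is rejected.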

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/20181.tar.gz