ID: OSVDB:4880
Type: osvdb
Reporter: OSVDB
Modified: 1996-02-21T00:00:00
Description
Vulnerability Description
An attacker queries a Kerberos server with a valid Kerberos username and realm, then runs a dictionary attack on the Ticket Granting Ticket (TGT) returned. As all TGTs contain the string "krbtgt", once the attacker finds this string in a decrypted packet he knows he has found the key for the username given.
This exploit requires that the attacker already possess a valid username and know the Kerberos realm. A separate exploit is available which allows the attacker to determine this information. The two indirect references above reference this information-gathering method.
Solution Description
Upgrade to Kerberos version 5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
References:
Other Advisory URL: http://www.securityfocus.com/advisories/579
ISS X-Force ID: 64
CVE-1999-0143
CERT: CA-1996-03
Bugtraq ID: 2351
Title: Kerberos 4 Key Server Session Key Masquerade
Published: 1996-02-21T00:00:00
Affected software: Kerberos 4, version 4.0
Bulletin family: software
CVSS: 4.6 (AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL)
Vulners score: 5.7
Last seen: 2017-04-28T13:19:59
Source: https://vulners.com/osvdb/OSVDB:4880