76 matches found
Weekly Metasploit Update: New Kerberos/Certificate tracing options, and multiple new modules
New Tracing Options As hard as we try to ensure that Metasploit is bug free, issues inevitably come up. Whether you’re running a module on an op or writing a new one, what we can do is make the debugging experience easier. To that end one of our two Google Summer of Code GSoC projects is here to...
Astra Linux – Vulnerability in Samba
Kerberos acceptors need easy access to stable AD identifiers e.g., objectSid. Samba, as an AD DC, now provides a way for Linux applications to obtain a reliable SID and samAccountName from the issued tickets...
Astra Linux – Vulnerability in Samba
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on November 8, 2022, and according to RFC8429, it is assumed that RC4-HMAC is weak. Vulnerable Samba Active Directory Domain Controllers will issue RC4-HMAC encrypted tickets, even though the targe...
rxrpc: reject undecryptable rxkad response tickets
...
Containing a domain compromise: How predictive shielding shut down lateral movement
In this article 1. Predictive shielding overview 2. Attack chain overview 3. How predictive shielding changed the outcome 4. MITRE ATT&CK® techniques observed 5. Learn more In identity-based attack campaigns, any initial access activity can turn an already serious intrusion into a critical incide...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001250)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001250 advisory. In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002903)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002903 advisory. In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the...
CLSA-2025-1761082525 Fix CVE(s): CVE-2022-45141
SECURITY UPDATE: AD DC can be forced to issue rc4-hmac Kerberos tickets - debian/patches/CVE-2022-45141.patch: fix session key selection algorithm for selecting the ticket in strongest-to-weakest order, thus allowing the target server to select better encryption - CVE-2022-45141...
SUSE CVE-2025-4404
A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the krbCanonicalName for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a...
USN-7582-1 samba vulnerabilities
Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. CVE-2022-3437 Greg Hudson discovered that Samba incorrectly handled PAC parsing. On...
USN-7582-1: Samba vulnerabilities
Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. CVE-2022-3437 Greg Hudson discovered that Samba incorrectly handled PAC parsing. On...
UBUNTU-CVE-2025-4404
A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the krbCanonicalName for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a...
SUSE CVE-2025-24034
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially...
CVE-2025-24034
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially...
CVE-2025-24034
CVE-2025-24034 (Himmelblau) affects Himmelblau, an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.7.0 and older than 0.7.15 and older than 0.8.3, debug logging can leak credentials: user access tokens and Kerberos TGTs may be written to logs when debug is enabled. A...
CVE-2025-24034 Himmelblau leaks credentials in the debug log
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially...
PT-2025-5270 · Microsoft · Intune +1
Name of the Vulnerable Software and Affected Versions: Himmelblau versions 0.7.0 through 0.7.14 Himmelblau versions 0.8.0 through 0.8.2 Description: Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debug logging is enabled, user access tokens are inadvertently...
SUSE CVE-2024-3183
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client's session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user...
freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user...
freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user...