Kerberos 4 4.0/5 5.0 KDC Spoofing Vulnerability

ID SSV:74069
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


Kerberos is a cryptographic authentication protocol that allows users of a network to access services without transmitting cleartext passwords. A common implementation of the protocol includes a login service which is vulnerable to an attack which involves spoofing responses from the Key Distribution Center (KDC). The login service authenticates a user by first requesting a ticket granting ticket (TGT) from the authentication server. If the TGT can be decrypted using the password supplied by the user, the login service attempts to verify the identity of the KDC by making a request with the received TGT for a service ticket for itself. The service ticket returned by the KDC is encrypted with a secret shared between the KDC and the service host. If the service ticket cannot be verified with the service's secret key it is assumed that the KDC is not authentic. If the login service has not been registered as a principal with the KDC or the service's secret key has not been installed on the host the login service will proceed without verification that the TGT was returned by the authentic KDC. In these circumstances it is possible to log into the server illicitly if an attacker can spoof responses from the Key Distribution Center.