Details of Kerberos Vulnerability Leaked | eWeek

Details of Kerberos Vulnerability Leaked

Verfasst von
Dennis Fisher
Dennis Fisher
Mar 17, 2003
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

There is a serious weakness in MITs Kerberos v4 authentication protocol that allows an attacker to impersonate any principal in a given realm.

The Kerberos development team at MIT said the contents of an unpublished paper with details of this vulnerability have been leaked on the Internet. Using these details, an attacker familiar with Kerberos could easily exploit the vulnerability.

The problem occurs because of a series of issues. Kerberos v4 tickets—or credentials—do not have a cryptographic hash of the encrypted data, random padding or a random initial vector. As a result, using a chosen plaintext attack, an attacker could fabricate a ticket.

The beginning of a Kerberos ticket is always a one-byte flag followed by the client name, so the attacker knows the encryption of the initial plaintext in a service key, according to the MIT advisory. If an attacker can gain control of a client principal whose name he has chosen, then he can get the encryption of these plaintext values in the service key.

An attacker who controls a Kerberos cross-realm key would be able to impersonate any principal in the remote realm to any service in that realm. This attack could lead to a root-level compromise of the Kerberos key distribution center as well as any other hosts that rely on the KDC for authentication.

By compromising a cross-realm principal, he would also be able to move among that principals realms and compromise any one that shares a cross-realm key with the principals local realm. In the Kerberos protocol, a realm is the logical network served by a Kerberos database and a set of KDCs. The vulnerability does not directly affect most Kerberos v5 implementations. However, v5 KDCs that also implement a KDC for v4 and use the same keys for both versions are vulnerable.

Kerberos, developed at the Massachusetts Institute of Technology, is among the most widely deployed authentication protocols on the Internet. It is implemented in dozens of software applications, as well, including Windows 2000. However, Windows 2000 uses Kerberos v5 and Microsoft officials said that, while theyre still researching the issue, they dont believe that operating system is vulnerable.

The patch kit for this weakness is here.

Latest Security News:

Search for more stories by Dennis Fisher.
Find white papers on security.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.