Details of Kerberos Vulnerability Leaked

Details of a serious vulnerability in MIT's Kerberos v4 authentication protocol leaked on to the Internet.

There is a serious weakness in MIT's Kerberos v4 authentication protocol that allows an attacker to impersonate any principal in a given realm.

The Kerberos development team at MIT said the contents of an unpublished paper with details of this vulnerability have been leaked on the Internet. Using these details, an attacker familiar with Kerberos could easily exploit the vulnerability.

The problem stems from a combination of design weaknesses. Kerberos v4 tickets, or credentials, carry no cryptographic hash of the encrypted data, no random padding and no random initial vector. As a result, using a chosen-plaintext attack, an attacker could fabricate a ticket.

The beginning of a Kerberos ticket is always a one-byte flag followed by the client name, so the attacker knows the encryption of the initial plaintext in a service key, according to the MIT advisory. If an attacker can gain control of a client principal whose name he has chosen, then he can get the encryption of these plaintext values in the service key.

An attacker who controls a Kerberos cross-realm key would be able to impersonate any principal in the remote realm to any service in that realm. This attack could lead to a root-level compromise of the Kerberos key distribution center as well as any other hosts that rely on the KDC for authentication.

By compromising a cross-realm principal, he would also be able to move among that principal's realms and compromise any one that shares a cross-realm key with the principal's local realm. In the Kerberos protocol, a realm is the logical network served by a Kerberos database and a set of KDCs. The vulnerability does not directly affect most Kerberos v5 implementations. However, v5 KDCs that also implement a KDC for v4 and use the same keys for both versions are vulnerable.

Kerberos, developed at the Massachusetts Institute of Technology, is among the most widely deployed authentication protocols on the Internet. It is also implemented in dozens of software products, including Windows 2000. However, Windows 2000 uses Kerberos v5, and Microsoft officials said that, while they're still researching the issue, they don't believe that operating system is vulnerable.

The patch kit for this weakness is here.

Search for more stories by Dennis Fisher.