Details of Kerberos Vulnerability Leaked

Written By
Dennis Fisher
Mar 17, 2003

There is a serious weakness in MIT's Kerberos v4 authentication protocol that allows an attacker to impersonate any principal in a given realm.

The Kerberos development team at MIT said the contents of an unpublished paper with details of this vulnerability have been leaked on the Internet. Using these details, an attacker familiar with Kerberos could easily exploit the vulnerability.

The problem occurs because of a series of issues. Kerberos v4 tickets—or credentials—carry no cryptographic hash of the encrypted data, no random padding and no random initialization vector. As a result, using a chosen-plaintext attack, an attacker could fabricate a ticket.

The beginning of a Kerberos ticket is always a one-byte flag followed by the client name, so the attacker knows what the initial plaintext is and can obtain its encryption under a service key, according to the MIT advisory. If an attacker can gain control of a client principal whose name he has chosen, he can get the encryption of these plaintext values under the service key.
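The three missing protections the advisory lists (no hash over the encrypted data, no random padding, no random IV) can be seen in a small model. The example below is added here and is not MIT's code or the real v4 ticket encoding: it uses a toy Feistel cipher as a stand-in block cipher and a simplified ticket layout (all function and field names are assumed), and contrasts a v4-style ticket, whose first ciphertext block is identical for every ticket issued to a given client name, with a hardened form whose random IV and HMAC remove that property and let the verifier reject any altered ticket.

```python
import hashlib
import hmac
import os
BLOCK = 16  # block size of the stand-in cipher (the article does not name the real one)

def _block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in block cipher (4-round Feistel over HMAC-SHA256): a toy PRP, not DES or Kerberos code.
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key + bytes([rnd]), right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def _cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # CBC with deterministic zero padding, i.e. no random padding.
    plaintext += bytes((-len(plaintext)) % BLOCK)
    prev, out = iv, b""
    for i in range(0, len(plaintext), BLOCK):
        prev = _block_encrypt(key, bytes(a ^ b for a, b in zip(plaintext[i:i + BLOCK], prev)))
        out += prev
    return out

def _mac_key(service_key: bytes) -> bytes: return hashlib.sha256(b"ticket-mac|" + service_key).digest()

def ticket_plaintext(client: str, session_key: bytes) -> bytes:
    # Simplified layout following the advisory's description: one flag byte, the client
    # name, then the secret part. Not the real v4 field encoding (assumed layout).
    return b"\x00" + client.encode() + b"\x00" + session_key

def v4_style_ticket(service_key: bytes, client: str, session_key: bytes) -> bytes:
    # Weak form modelled on the article: fixed IV, deterministic padding, no integrity tag.
    return _cbc_encrypt(service_key, bytes(BLOCK), ticket_plaintext(client, session_key))

def hardened_ticket(service_key: bytes, client: str, session_key: bytes) -> bytes:
    # Hardened form: fresh random IV plus an HMAC over IV||ciphertext under a derived key.
    iv = os.urandom(BLOCK)
    ct = _cbc_encrypt(service_key, iv, ticket_plaintext(client, session_key))
    return iv + ct + hmac.new(_mac_key(service_key), iv + ct, hashlib.sha256).digest()

def hardened_verify(service_key: bytes, ticket: bytes) -> bool:
    # The service checks the tag before decrypting; any altered byte is rejected.
    body, tag = ticket[:-32], ticket[-32:]
    return hmac.compare_digest(tag, hmac.new(_mac_key(service_key), body, hashlib.sha256).digest())

def leading_block_is_predictable(make_ticket, service_key: bytes, client: str) -> bool:
    # True when two tickets for the same client share their first ciphertext block: the encryption
    # of the known flag+name prefix is fixed and reusable. Assumes the name fills the first block.
    t1, t2 = (make_ticket(service_key, client, os.urandom(8)) for _ in range(2))
    return t1[:BLOCK] == t2[:BLOCK]
```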

An attacker who controls a Kerberos cross-realm key would be able to impersonate any principal in the remote realm to any service in that realm. This attack could lead to a root-level compromise of the Kerberos key distribution center as well as any other hosts that rely on the KDC for authentication.

By compromising a cross-realm principal, he would also be able to move among that principal's realms and compromise any one that shares a cross-realm key with the principal's local realm. In the Kerberos protocol, a realm is the logical network served by a Kerberos database and a set of KDCs. The vulnerability does not directly affect most Kerberos v5 implementations. However, v5 KDCs that also implement a KDC for v4 and use the same keys for both versions are vulnerable.

Kerberos, developed at the Massachusetts Institute of Technology, is among the most widely deployed authentication protocols on the Internet. It is implemented in dozens of software applications as well, including Windows 2000. However, Windows 2000 uses Kerberos v5, and Microsoft officials said that, while they're still researching the issue, they don't believe that operating system is vulnerable.

The patch kit for this weakness is here.
