“Windows implementation of Kerberos protocol is flawed” – update




A security researcher writes that Kerberos, an authentication protocol used by Windows among others, is flawed, allowing a malicious user to, among other things, grant himself administrator privileges. The hole reportedly cannot be closed.

The Kerberos protocol enables users to authenticate to a network without passwords being sent. A key distribution center is used for this, which provides the necessary keys. The researcher of the Dfir-Blog managed to use the password of an account called ‘krbtgt’ to create a secret key. This account is created by default and is regarded by Microsoft as a service account. The name cannot be changed and the account cannot be removed. Changing the default password is advised, but according to the researcher this is almost never done.

With the created key, the key distribution center can then be persuaded to grant further privileges. After that it would be possible to perform various actions, including the creation of new users. Creating the key for the outdated RC4 encryption algorithm is quite simple, since it is equal to the user's NTLM hash.

According to the researcher, it is not possible to counter the attack, “because it simply is how Kerberos works.” The best option would be to protect privileged accounts and to make use of techniques such as Microsoft's Protected Users group and Credential Guard. The Register asked Microsoft for comment, and the company said it is aware of the issue.

Update, December 16: This scenario assumes that the attacker already has access to the domain controller. Nor is it a new flaw in Kerberos; the techniques are already known as ‘Golden Ticket’ and ‘Pass the Hash’. The researcher will therefore update his blog to state that it is a comprehensive writeup rather than new findings.
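The two weak points named above, a krbtgt password that is never changed and tickets issued with RC4, can both be checked from data a domain already records. The following is an added example, not code from the article or the researcher: the 180-day threshold, the dictionary layout of the exported events and all sample values are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
RC4_HMAC = 0x17            # Kerberos etype 23, the RC4 type the article calls outdated
MAX_KRBTGT_AGE_DAYS = 180  # assumed rotation policy, not a value from the article

def filetime_to_datetime(filetime):
    """Convert an AD pwdLastSet value (100 ns ticks since 1601-01-01) to UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)

def krbtgt_password_age_days(pwd_last_set, now):
    return (now - filetime_to_datetime(pwd_last_set)).days

def rc4_ticket_events(events):
    """Return ticket events (4768 TGT, 4769 service ticket) issued with RC4."""
    return [ev for ev in events
            if ev["EventID"] in (4768, 4769)
            and int(ev["TicketEncryptionType"], 16) == RC4_HMAC]

def audit(pwd_last_set, events, now):
    findings = []
    age = krbtgt_password_age_days(pwd_last_set, now)
    if age > MAX_KRBTGT_AGE_DAYS:
        findings.append(f"krbtgt password unchanged for {age} days")
    for ev in rc4_ticket_events(events):
        findings.append("RC4 ticket: event {EventID}, account {TargetUserName}, "
                        "service {ServiceName}".format(**ev))
    return findings

# Constructed sample input: a pwdLastSet of 2012-01-01 and three log records.
SAMPLE_PWD_LAST_SET = 129698496000000000
SAMPLE_NOW = datetime(2015, 12, 16, tzinfo=timezone.utc)
SAMPLE_EVENTS = [
    {"EventID": 4768, "TargetUserName": "alice", "ServiceName": "krbtgt",
     "TicketEncryptionType": "0x12"},   # AES256, not flagged
    {"EventID": 4769, "TargetUserName": "svc-backup@EXAMPLE.LOCAL",
     "ServiceName": "cifs/fs01", "TicketEncryptionType": "0x17"},  # RC4, flagged
    {"EventID": 4624, "TargetUserName": "bob"},  # not a ticket event, ignored
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_PWD_LAST_SET, SAMPLE_EVENTS, SAMPLE_NOW):
        print(finding)
```

An RC4 ticket is a lead for review rather than proof of a forged ticket, since legacy systems may still request RC4 legitimately.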

