krb5 vulnerability ?
ronnie sahlberg
ronniesahlberg at gmail.com
Tue Dec 15 02:31:48 UTC 2015
Yeah, it looks a lot like
* if you get access to a users secret, then you can impersonate that user
* if you get access the the KDC's secret, then you can craft your own
tickets and impersonate everyone.
Not exactly new.
On Mon, Dec 14, 2015 at 5:34 PM, Jeremy Allison <jra at samba.org> wrote:
> On Mon, Dec 14, 2015 at 05:17:59PM -0800, Jeremy Allison wrote:
> > Interesting post here:
> >
> >
> http://dfir-blog.com/2015/12/13/protecting-windows-networks-kerberos-attacks/
> >
> > Still reading it myself to try and understand
> > if it's a real issue of not, but thought the
> > list would be interested.
>
> Hmmm. Doesn't look real as far as I can see
> (the article is full of hyperbole).
>
> It's got lots of phrases like:
>
> "So, if we have an access to the key.."
>
> "if we’re able to steal those tickets and somehow
> insert them into our own system"
>
> "It’s just an account in domain controller
> database, so your obviously need access to DC or it’s data."
>
> So looks like a "if we can break the security
> then we've broken the security" article :-).
>
> Move along, nothing to see here, sorry for
> the noise.
>
>
More information about the samba-technical
mailing list