News
Vigil@nce - Windows: authentication via Kerberos pass-the-ticket
August 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker having physical access to the network and a Windows client can authenticate under an other user.
Severity: 2/4
Creation date: 13/08/2010
DESCRIPTION OF THE VULNERABILITY
The Kerberos protocol uses several exchanges, in order to deliver a ticket to a client. This ticket allows for example to login. Windows implements a simplified version of this protocol.
An attacker located in the network between a workstation and its AD domain controller can capture an authentication session. He thus obtains a valid ticket.
The attacker can then physically connect to the workstation. He uses the captured login and a random password. The workstation will contact the AD but the exchange is intercepted by the attacker machine who returns the previously captured ticket. The workstation decipher the message considering it as valid and allows access to the attacker.
An attacker having physical access to the network and a Windows client can therefore authenticate under an other user.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
GOLD SPONSOR
