Attacking and Fixing the Microsoft Windows Kerberos Login Service

The paper implements and tests a recent attack, called pass-the-ticket, against various real Kerberos implementations. The attack allows a malicious user to physically log in as a different user on a target host, under the assumption that the attacker is able to mount a man-in-the-middle attack between the attacked host and the Kerberos server. The results show that all recent Microsoft Windows operating systems are vulnerable to the attack, while the MIT Kerberos implementation version 1.6.3, tested on Linux, is not. The vulnerability has been reported through CERT to Microsoft, which will fix it in the next service pack.

Provided by: Universita Ca' Foscari Venezia
Topic: Security
Date Added: Jul 2010
Format: PDF
