Create an Account
username: password:
 
  MemeStreams Logo

MemeStreams Discussion
search
Home Agent Weblogs Social Network Post Help About


This page contains all of the posts and discussion on MemeStreams referencing the following web page: [Full-Disclosure] Vulnerabilities in the Kerberos version 4 protocol. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

[Full-Disclosure] Vulnerabilities in the Kerberos version 4 protocol
by bucy at 10:37 am EST, Mar 17, 2003

] Several cryptographic vulnerabilities exist in the basic
] Kerberos Version 4 protocol that could allow an attacker
] to impersonate any user in a Kerberos realm and gain any
] privilege authorized through that Kerberos realm.
] Knowledge of the key shared between two realms for
] Kerberos 4 cross-realm authentication or the ability to
] create arbitrary principals in a realm is sufficient to
] print any ticket in the realm.

Maybe this will finally kill krb4 ... AFS has been the big
holdout and its finally starting to get krb5 support though
it only works with MIT krb5 and not heimdal (from kth.se) right
now.

Link - Reply

  
 
Powered By Industrial Memetics