Kerberos Flaws Allow Access To Protected Networks

KingFishKingFish
edited November 2004 in Science & Tech
The Massachusetts Institute of Technology has disclosed a number of serious security flaws in the Kerberos v5 authentication system, the worst of which could give unauthorized users access to protected corporate networks.
Various bugs in the Kerberos key distribution center, or KDC, which is used to authenticate users, may allow an attacker to run malicious code on a KDC host, compromising the entire realm served by the KDC, MIT researchers said. Similar flaws affect the krb524d component, also potentially allowing the compromise of an entire authentication realm, and the "krb5_rd_cred()" function, with a more limited impact. A bug in the KDC's ASN.1 decoder can be exploited to cause a vulnerable system to hang, security researchers said.

Kerberos, developed at MIT, is one of the most widely deployed authentication protocols on the Internet, and is implemented in many commercial products; Windows 2000 uses Kerberos v5, for example. MIT's advisories on the bugs, found here and here, contain instructions on patching. Kerberos v5 version 1.3.5 will also fix the bugs when it is released, according to MIT.
Source: eWeek
Sign In or Register to comment.