Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Windows Kerberos Authentication Bypass
From: Tommaso Malgherini <mamaragan () gmail com>
Date: Fri, 13 Aug 2010 14:08:33 +0200

OVERVIEW:
A vulnerability was found in all recent Windows operating systems. The
attack allows a malicious user to physically login on a target host in a
Kerberos-based network, under the assumption that he knows a valid user
principal and has the ability to manipulate network traffic. Our research
shows that all recent versions of the Microsoft Windows operating systems
are vulnerable to the attack.

AFFECTED SYSTEMS:
Windows XP Service Pack 2
Windows Vista Service Pack 1
Windows 7
(using a Windows Server 2008 Domain Controller)

INFO:
More detailed info, with whitepaper and proof-of-concept code can be found
at:
http://secgroup.ext.dsi.unive.it/kerberos/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • Windows Kerberos Authentication Bypass Tommaso Malgherini (Aug 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]