WebApp Sec: Re: Quiz: Can you spot the flaw

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

Re: Quiz: Can you spot the flaw

From: Saqib Ali <docbook.xml () gmail com>
Date: Tue, 5 Jul 2005 14:27:28 -0700

It is listed as:

[Key(client, TGS)]Key(client)

The TGS shouldn't know the secret key of the client.  In addition, the
client already has Key(client, TGS), what it needs is
Key(client,service) to communicate with the Service Server.

So it should be:

[Key(client, service)]Key(client, TGS)


yup you got it! :)

Do I win a prize?

yup. Should I send it to your Eugene, Oregon address?


-- 
In Peace,
Saqib Ali
http://www.xml-dev.com/

By Date By Thread

Current thread:

Quiz: Can you spot the flaw Saqib Ali (Jul 04)
- <Possible follow-ups>
- Re: Quiz: Can you spot the flaw kbucher (Jul 05)
  - Re: Quiz: Can you spot the flaw Saqib Ali (Jul 05)