AndreasG - Fotolia
A security researcher recently discovered major authentication vulnerabilities in Microsoft Kerberos implementations that could enable several kinds of serious attacks. What are these authentication vulnerabilities, and what can be done about them?
The Kerberos protocol was developed by MIT in its Athena Project during the 1980s, and is one of the most widely used authentication methods today. It's a network authentication protocol that works on the basis of tickets, which allows users and services that communicate over a nonsecure network to prove their identities to each other in a secure manner. Clients obtain tickets from the Kerberos Key Distribution Center (KDC) and present them to servers or services they want to access. Microsoft adopted the Kerberos protocol as the preferred authentication protocol for Windows 2000 and subsequent Active Directory domains, but it doesn't use the MIT software, preferring instead to use its own proprietary extension to the Kerberos suite of protocols.
A Kerberos ticket represents a client's network credentials and is of huge interest to an attacker. Each ticket is encrypted with a symmetric key derived from the password of the server or service to which access is requested. To request a ticket, a special ticket called the Ticket Granting Ticket (TGT) must be presented to the Kerberos service. The TGT is encrypted with a secret key derived from the password of the krbtgt account, which is known only by the Kerberos service. A recent blog post by security researcher @dfirblog, details old but dangerous vulnerabilities in Microsoft's implementations of the Kerberos protocol, which would allow an attacker to obtain that secret key and bypass the authentication system. In a worst case scenario, this could allow an attacker to create a golden ticket and grant themselves full admin rights, and create secret passwords for existing users or for new users who don't exist.
This attack is possible in Microsoft's implementation of the Kerberos protocol because the KDC encrypts and signs TGTs and Privilege Attribute Certificate data, using the secret key derived from the krbtgt account password, an account that is created by default. Because this account is disabled and not used, the password is rarely changed; in the MIT implementation, the secret key is randomly chosen.
Microsoft has published documents, Mitigating Pass the Hash and Other Credential Theft, Versions 1 and 2, which discuss defense strategies to protect against various credential-based attacks. Administrators should follow the guidance found in these documents to improve the overall security of Kerberos-based authentication. Frequently changing the krbtgt account password can help to prevent forged tickets from being made. Microsoft has also made a script that will enable administrators to reset the krbtgt account password and related keys, while minimizing the likelihood of Kerberos protocol authentication issues being caused by the change. Security teams need to focus on protecting and monitoring privileged accounts and take advantage of Protected Users group and Credential Guard in Windows 10. Monitoring and detection tools should be tuned to spot anomalies in the logs generated by Kerberos, which should be running on a hardened and well-protected server.
Ask the Expert:
Want to ask Michael Cobb a question about application security? Submit your questions now via email. (All questions are anonymous.)
Learn how to mitigate Kerberos authentication's effects on backup
Find out what the best risk analysis methods are for your enterprise
Read about how your enterprise can prevent attacks done with compromised credentials
Dig Deeper on Privileged access management
Related Q&A from Michael Cobb
WhatsApp vulnerabilities can enable hackers to bypass end-to-end encryption and spoof messages. Expert Michael Cobb explains how these attacks work ... Continue Reading
Disabling Google location tracking involves more than turning off Location History. Learn how to manage your account settings to stop tracking ... Continue Reading
Compared to TLS 1.2, TLS 1.3 saw improvements in security, performance and privacy. Learn how TLS 1.3 eliminated vulnerabilities using cryptographic ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.