One Article Review

Home - The article:
Source: ProjectZero
Identifier: 8221925
Publication date: 2022-10-27 12:48:24 (viewed: 2022-11-25 18:05:33)
Title: RC4 Is Still Considered Harmful
Text: By James Forshaw, Project Zero

I've been spending a lot of time researching Windows authentication implementations, specifically Kerberos. In June 2022 I found an interesting issue, number 2310, with the handling of RC4 encryption that allowed you to authenticate as another user if you could either interpose on the Kerberos network traffic to and from the KDC, or directly if the user was configured to disable typical pre-authentication requirements.

This blog post goes into more detail on how this vulnerability works and how I was able to exploit it with only a bare minimum of brute forcing required. Note, I'm not going to spend time fully explaining how Kerberos authentication works; there are plenty of resources online. For example, this blog post by Steve Syfuhs, who works at Microsoft, is a good first start.

Background

Kerberos is a very old authentication protocol. The current version (v5) was described in RFC1510 back in 1993, although it was updated in RFC4120 in 2005. As Kerberos' core security concept is using encryption to prove knowledge of a user's credentials, the design allows for negotiating the encryption and checksum algorithms that the client and server will use. For example, when sending the initial authentication service request (AS-REQ) to the Key Distribution Center (KDC), a client can specify a list of supported encryption algorithms, as predefined integer identifiers, as shown below in the snippet of the ASN.1 definition from RFC4120.
Sent: Yes
Tags: Vulnerability, Guideline


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.