Kerberos Man In The Middle Attack: is this feasible?

Calimer0 cryos98 at yahoo.com
Tue Oct 14 15:35:52 EDT 2003


Marcus, thank you for your reply.

> MIT has a bunch of neat basic papers on kerberos.  You should
> definitely find and read them.  

I want specify I'm not a total Kerberos beginner: I've read RFC 1510,
several introductory docs, MIT install/admin/user guides and so on;
I've played with MIT kerberos, Heimdal and Windows 2000 Kerberos for a
while..but maybe I was not able to understand something important.
I know Kerberos is designed to securely authenticate principals in a
not secure network environment, and  this is just the reason of my
post here.  The attack  described, if feasible, shows that Kerberos
can sometimes fail if an attacker has complete control of the network.
I would like to understand if my conclusions are true or not, because
unfortunately I've not enough time and knowledge to experiment..

> In partial answer of your question, yes, kerberos is designed to deal
> with the case you mention.  

Can you please specify, technically, how Kerberos deals with the
attack described?
My opinion is that after such attack:
- an attacker can succesfully authenticate to the application server
- he can not use KRB_PRIV messages, because he ignores the session
key.
- he can receive KRB_SAFE messages, that are transmitted in the clear.
Briefly, attacker's capabilities depends on how the secret key
included in message KRB_AP_REQ is used after  authentication.

Feel free to contradict me   :)
best regards

mark


More information about the Kerberos mailing list