Kerberos Man In The Middle Attack: is this feasible?

Sam Hartman hartmans at MIT.EDU
Wed Oct 15 12:03:48 EDT 2003

>>>>> "Calimer0" == Calimer0  <cryos98 at> writes:

    Calimer0> important.  I know Kerberos is designed to securely
    Calimer0> authenticate principals in a not secure network
    Calimer0> environment, and this is just the reason of my post
    Calimer0> here.  The attack described, if feasible, shows that
    Calimer0> Kerberos can sometimes fail if an attacker has complete
    Calimer0> control of the network.  I would like to understand if
    Calimer0> my conclusions are true or not, because unfortunately
    Calimer0> I've not enough time and knowledge to experiment..

A protocol that does not require integrity protection of the exchanged
messages may be vulnerable to this attack.  But for example, SASL
protocols such as Kerberos authenticated LDAP, IMAP and SMTP are not
vulnerable to this attack.

More information about the Kerberos mailing list