Kerberos Man In The Middle Attack: is this feasible?
Sam Hartman
hartmans at MIT.EDU
Wed Oct 15 12:03:48 EDT 2003
>>>>> "Calimer0" == Calimer0 <cryos98 at yahoo.com> writes:
Calimer0> important. I know Kerberos is designed to securely
Calimer0> authenticate principals in a not secure network
Calimer0> environment, and this is just the reason of my post
Calimer0> here. The attack described, if feasible, shows that
Calimer0> Kerberos can sometimes fail if an attacker has complete
Calimer0> control of the network. I would like to understand if
Calimer0> my conclusions are true or not, because unfortunately
Calimer0> I've not enough time and knowledge to experiment..
A protocol that does not require integrity protection of the exchanged
messages may be vulnerable to this attack. But for example, SASL
protocols such as Kerberos authenticated LDAP, IMAP and SMTP are not
vulnerable to this attack.
More information about the Kerberos
mailing list