Question about cryptographic protection of message fields

Greg Hudson ghudson at MIT.EDU
Mon Feb 15 18:37:13 EST 2010


On Mon, 2010-02-15 at 08:51 -0500, Fernando Pereñíguez Garcia wrote:
> Hi all,
>    Looking into the Kerberos specification and the MIT
> implementation, I've found that not all the fields defined in the
> Kerberos messages are cryptographically protected. For example, in the
> KDC-REQ/KDC-REP, the padata field is sent in clear and (at least) is
> not integrity protected. Therefore, an attacker can change the
> information contained in any of these fields and the client is not
> able to detect this attack. For this reason, I was wondering if my
> conclusions are right. 

Yes, some fields of the Kerberos message exchanges are unprotected, and
the design of what goes into those fields needs to take that into
account.  Also see the security considerations section of RFC 4120 for
some consequences, such as this:

   Kerberos credentials contain clear-text information identifying the
   principals to which they apply.  If privacy of this information is
   needed, this exchange should itself be encapsulated in a protocol
   providing for confidentiality on the exchange of these credentials.

There is a new extension called FAST which protects more of the KDC
exchange when used; see:

http://tools.ietf.org/html/draft-ietf-krb-wg-preauth-framework-15
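As an added illustration of the point Greg makes (this is not code from the thread, from RFC 4120 or from MIT Kerberos), the following constructed Python model of a KDC-REP shows that only the enc-part carries a keyed integrity tag, so an edit to padata on the wire goes unnoticed, while a simplified FAST-style checksum over the whole reply catches it. The key names, the JSON encoding and HMAC-SHA256 are stand-ins for the real ASN.1 DER and RFC 3961 machinery, and the wrapper is not the actual FAST encoding.

```python
"""Constructed model of which KDC-REP fields a keyed check covers. Kerberos uses
ASN.1 DER and RFC 3961 encryption; JSON + HMAC-SHA256 stand in for those here."""
import copy, hashlib, hmac, json

CLIENT_KEY = b"constructed client long-term key"  # placeholder, not a real key
ARMOR_KEY = b"constructed FAST armor key"         # placeholder, not a real key

def mac(key, obj):
    # Deterministic encoding so the MAC always covers the same bytes.
    return hmac.new(key, json.dumps(obj, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def build_kdc_rep(padata, cname, enc_fields):
    """KDC-REP shape: padata and cname sit outside enc-part; only enc-part
    carries a keyed integrity tag (under the client's key)."""
    return {"msg-type": 11, "padata": padata, "cname": cname,
            "enc-part": {"fields": enc_fields, "tag": mac(CLIENT_KEY, enc_fields)}}

def verify_kdc_rep(rep):
    """All a plain client can check: the enc-part tag. padata is not covered."""
    return hmac.compare_digest(rep["enc-part"]["tag"],
                               mac(CLIENT_KEY, rep["enc-part"]["fields"]))

def armor(rep):
    """Simplified FAST-style wrapper (not the RFC 6113 encoding): a keyed
    checksum under the armor key over the whole reply, padata included."""
    return {"inner": rep, "checksum": mac(ARMOR_KEY, rep)}

def verify_armored(wrapped):
    return (hmac.compare_digest(wrapped["checksum"], mac(ARMOR_KEY, wrapped["inner"]))
            and verify_kdc_rep(wrapped["inner"]))

def tamper(msg, field, value):
    """On-path modification model: rewrite one top-level field of the reply in transit."""
    m = copy.deepcopy(msg)
    m.get("inner", m)[field] = value
    return m

def demo():
    # Constructed sample values; padata-type 19 is PA-ETYPE-INFO2, msg-type 11 is AS-REP.
    rep = build_kdc_rep([{"padata-type": 19, "padata-value": "etype-info2"}],
                        "alice", {"key": "session-key", "authtime": 1266276000})
    fake_pa = [{"padata-type": 19, "padata-value": "modified-in-transit"}]
    bad_enc = dict(rep["enc-part"], fields={"key": "swapped", "authtime": 0})
    return {"plain_ok": verify_kdc_rep(rep),
            "plain_padata_tamper_detected": not verify_kdc_rep(tamper(rep, "padata", fake_pa)),
            "plain_encpart_tamper_detected": not verify_kdc_rep(tamper(rep, "enc-part", bad_enc)),
            "armored_ok": verify_armored(armor(rep)),
            "armored_padata_tamper_detected":
                not verify_armored(tamper(armor(rep), "padata", fake_pa))}
```

Running `demo()` shows the asymmetry: a rewritten enc-part fails the tag check, a rewritten padata passes it, and only the armored variant flags the padata change.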
