What happens if my KDC is compromised?

Bram Cymet bcymet at cbnco.com
Fri Sep 17 08:36:54 EDT 2010


On 09/17/2010 08:16 AM, John Hascall wrote:
>> What would be the implications if my KDC was compromised and an attacker
>> got a hold of the KDB or in my case the LDAP directory storing principal
>> information?
> The implication is you are now well and truly f***ed.
>
> Were I wearing a black hat, the first thing I'd do
> is install a modified kadmind<1> and steal the actual
> passwords it sees.
>
> Or if I was impatient, with 'kinit -C' I'd just forge
> me some tickets.
>
> If all they got was the KDB, then they would still have
> the luxury of off-line cracking.
>
>
> John
>
> <1>  As an aside, in fact, many years ago I did almost this very thing.
> When we were discussing increasing our minimum password strength
> standards from 5-chars/2-sets I used a modified kadmind to dump, not
> actual passwords, but just statistical info.  As expected, most people
> did the minimum: well over half the passwords were 4 lowercase letters
> followed by a digit.  It was a pretty trivial exercise.
Well, let's look at the situation where all they got was the KDB. I don't
think the off-line cracking is really needed. Since they have the hash
of the password they could just kinit using that as the shared key. I
don't think the kinit tools as they are now could do it, but it could be
done with some modifications. So I don't think that they need to be able
to derive the actual password. So in other words, if someone has the KDB
(and not root on the server) then they could impersonate anyone who
authenticates against that KDC.

Or am I missing something?

-- 
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752
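The point both posters circle around is that a Kerberos database does not hold password hashes in the Unix sense: it holds the principal's long-term key, which is the output of the enctype's string-to-key function and is exactly what the AS exchange uses to encrypt the timestamp pre-authentication and the reply. Whoever holds that key can complete the exchange; the password itself is never needed. The example below is added here and is not code from the thread or from MIT Kerberos; it implements the RFC 3962 string-to-key for aes128-cts-hmac-sha1-96 and aes256-cts-hmac-sha1-96 using only the Go standard library and checks it against the test vector published in that RFC (passphrase "password", salt "ATHENA.MIT.EDUraeburn", iteration count 1). The 128-bit n-fold of "kerberos" is the constant from RFC 3961 Appendix A; `defaultSalt` is the realm-plus-principal salt rule from RFC 4120. The iteration count passed to PBKDF2 is the only cost an off-line guess has to pay, which is why raising it (and rekeying every principal, krbtgt first, after a database exposure) is the defensive lever here.

```go
package main

import (
	"crypto/aes"
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// pbkdf2SHA1 is PBKDF2 with HMAC-SHA1 as the PRF (RFC 2898), written out
// here so the example needs nothing outside the Go standard library.
func pbkdf2SHA1(password, salt []byte, iterations, keyLen int) []byte {
	prf := hmac.New(sha1.New, password)
	hLen := prf.Size()
	nBlocks := (keyLen + hLen - 1) / hLen
	out := make([]byte, 0, nBlocks*hLen)
	var idx [4]byte
	for i := 1; i <= nBlocks; i++ {
		binary.BigEndian.PutUint32(idx[:], uint32(i))
		prf.Reset()
		prf.Write(salt)
		prf.Write(idx[:])
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		// Each further iteration re-hashes the previous U and XORs it in;
		// this loop is the whole cost of one off-line password guess.
		for n := 1; n < iterations; n++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for k := range t {
				t[k] ^= u[k]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// nfoldKerberos is the 128-bit n-fold of the string "kerberos" (RFC 3961,
// Appendix A): the 8 ASCII bytes followed by their 13-bit right rotation.
var nfoldKerberos = []byte{
	0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73,
	0x7b, 0x9b, 0x5b, 0x2b, 0x93, 0x13, 0x2b, 0x93,
}

// aesString2Key is the RFC 3962 string-to-key function for
// aes128-cts-hmac-sha1-96 (keyLen 16) and aes256-cts-hmac-sha1-96 (keyLen 32):
//
//	tkey = PBKDF2-HMAC-SHA1(password, salt, iterations, keyLen)
//	key  = DK(tkey, "kerberos")
//
// DK encrypts the n-folded constant with AES-CBC-CTS under a zero IV. For a
// single 16-byte block that is a plain AES block encryption; for a 32-byte
// key the DR chaining of RFC 3961 encrypts the first output block again to
// produce the second. The result is the value a KDC stores for the principal.
func aesString2Key(password, salt string, iterations, keyLen int) ([]byte, error) {
	if keyLen != 16 && keyLen != 32 {
		return nil, fmt.Errorf("unsupported AES key length %d", keyLen)
	}
	tkey := pbkdf2SHA1([]byte(password), []byte(salt), iterations, keyLen)
	block, err := aes.NewCipher(tkey)
	if err != nil {
		return nil, err
	}
	key := make([]byte, 0, keyLen)
	prev := nfoldKerberos
	for len(key) < keyLen {
		next := make([]byte, aes.BlockSize)
		block.Encrypt(next, prev)
		key = append(key, next...)
		prev = next
	}
	return key, nil
}

// defaultSalt is the Kerberos default salt: the realm name followed by the
// principal's name components with no separators (RFC 4120, section 4.1).
func defaultSalt(realm string, components ...string) string {
	s := realm
	for _, c := range components {
		s += c
	}
	return s
}

func main() {
	// RFC 3962 Appendix B vector: realm ATHENA.MIT.EDU, principal raeburn,
	// passphrase "password", iteration count 1.
	salt := defaultSalt("ATHENA.MIT.EDU", "raeburn")
	for _, n := range []int{16, 32} {
		key, err := aesString2Key("password", salt, 1, n)
		if err != nil {
			panic(err)
		}
		fmt.Printf("aes%d key: %s\n", n*8, hex.EncodeToString(key))
	}
}
```

Running it prints the two keys from the RFC vector. Real KDCs use a much higher iteration count than 1 (the RFC default is 4096), and a database entry also carries the key version number and salt type, so a dump that preserves those fields is immediately usable as the shared key, which is the scenario Bram describes above.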

More information about the Kerberos mailing list