[krbdev.mit.edu #6967] Kerberos weakness

Shelby@krbdev.mit.edu Shelby at krbdev.mit.edu
Fri Sep 30 13:09:01 EDT 2011


Is there a reason that the current Kerberos allows a KRB5CCNAME file to be created instead of being in memory?  This appears to be a weak link in the security of the Kerberos protocol as the file can be moved from the system and allow passwordless access to resources the account has access to.  If crafted correctly, a compromised system could modify the /etc/krb5.conf file to allow maximum ticket life and renewal then capture keys on the multiuser/compromised system and allow the keys to be moved from system to system with full access.  Shouldn't the Kerberos tickets be stored in protected memory somehow or in a more secure way?

James Shelby
NREL - Linux Desktop Integrations
(303) 275-3298 Desk/Cell
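
An added example, not part of the original message or of MIT krb5: a small audit that reports whether a KRB5CCNAME value points at a file-backed credential cache and, if so, whether the file's mode and owner match the 0600, user-owned file the library normally creates. The function names, the list of non-file cache types and the /tmp/krb5cc_<uid> fallback are assumptions made for this sketch.

```python
import os
import stat

# Assumption: cache types that do not place tickets in an ordinary file on disk.
NON_FILE_TYPES = {"MEMORY", "KEYRING", "KCM", "API", "MSLSA"}


def parse_ccname(ccname):
    """Split a KRB5CCNAME value into (type, residual); a bare path is FILE."""
    if ccname.startswith("/") or ":" not in ccname:
        return "FILE", ccname
    ctype, residual = ccname.split(":", 1)
    return ctype, residual


def audit_ccache(ccname, expected_uid=None):
    """Return a list of findings for one credential cache name."""
    ctype, path = parse_ccname(ccname)
    if ctype in NON_FILE_TYPES:
        return []
    if ctype != "FILE":
        return ["%s cache: file-backed or unknown type, not inspected" % ctype]
    findings = ["tickets are stored in a regular file: %s" % path]
    try:
        st = os.lstat(path)  # lstat so a symlinked cache path is noticed
    except OSError as exc:
        return findings + ["cannot stat cache file: %s" % exc.strerror]
    if stat.S_ISLNK(st.st_mode):
        findings.append("cache path is a symbolic link")
    if stat.S_IMODE(st.st_mode) & 0o077:
        findings.append("mode %04o grants group/other access, expected 0600"
                        % stat.S_IMODE(st.st_mode))
    uid = os.getuid() if expected_uid is None else expected_uid
    if st.st_uid != uid:
        findings.append("owner uid %d differs from expected uid %d"
                        % (st.st_uid, uid))
    return findings


if __name__ == "__main__":
    # Assumption: fall back to the traditional default path when unset.
    name = os.environ.get("KRB5CCNAME", "FILE:/tmp/krb5cc_%d" % os.getuid())
    for line in audit_ccache(name) or ["cache is not file-backed"]:
        print(line)
```

File permissions only limit other local users; root on a compromised host can still read a FILE cache, which is the scenario the message describes.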




