Replaying and server side caching.

Matt Crawford crawdad at
Mon Apr 14 16:17:34 EDT 2003

> > darrenr> If the attacker can re-use a TGT request that has
> > darrenr> already been sent to cause a valid TGT response to come
> > darrenr> back, then the attacker can gain access where perhaps
> > darrenr> they previously could not.
> > 
> > The TGT response won't do an attacker much good without the session
> > key.
> Except that an AS-REP is encrypted in the user's long-term key,
> which allows for an offline dictionary attack.

Except that it's an unusual network state that lets the attacker
eavesdrop the request (to replay it) but not the original reply.

More information about the krbdev mailing list