Password change protocol rework, round 2

Sam Hartman hartmans at MIT.EDU
Tue Mar 9 18:49:18 EST 2004

>>>>> "Ken" == Ken Hornstein <kenh at> writes:

    >>> Well ... I don't think so.  "replay" really is more
    >>> appropriate here.
    >>  No, the kpasswd protocol MUST be replay protected, otherwise
    >> bad things happen.

    Ken> Really?  I guess it's not obvious to me what the dangers are
    Ken> of a replayed password change attempt (since presumably an
    Ken> attacker doesn't know the session key to put a new password
    Ken> in the KRB-PRIV).  But I just realized one thing ... if you
    Ken> have a password history, a retransmitted password change
    Ken> request will fail, so clearly the only option is a lookaside
    Ken> cache.

I think the danger is they replay both a krb_priv and a krb_req.
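As an added illustration (not code from this thread or from the krb5 project) of the lookaside cache Ken mentions: a replayed request is recognised by the authenticator's client/ctime/cusec plus a digest of the message, and answered with the reply originally sent rather than re-run against the password history. The skew window, the reply strings, and the omission of KRB-PRIV decryption are assumptions made for the example.

```python
import hashlib
import time
from dataclasses import dataclass

# Allowed clock skew in seconds (assumed value for the example).
SKEW = 300


@dataclass(frozen=True)
class ChangeRequest:
    client: str        # client principal from the AP-REQ authenticator
    ctime: int         # authenticator timestamp, seconds
    cusec: int         # authenticator microseconds
    new_password: str  # plaintext recovered from the KRB-PRIV (decryption omitted)

    def replay_key(self) -> str:
        # A real server would hash the AP-REQ and KRB-PRIV ciphertext, not plaintext.
        raw = f"{self.client}|{self.ctime}|{self.cusec}|{self.new_password}".encode()
        return hashlib.sha256(raw).hexdigest()


class PasswordChangeServer:
    def __init__(self, use_lookaside: bool = True, now=time.time):
        self.use_lookaside = use_lookaside
        self.now = now
        self.history = {}    # principal -> digests of previous passwords
        self.lookaside = {}  # replay_key -> (expiry, reply already sent)

    def handle(self, req: ChangeRequest) -> str:
        now = self.now()
        # Drop lookaside entries whose request could no longer pass the skew check.
        self.lookaside = {k: v for k, v in self.lookaside.items() if v[0] > now}
        if abs(now - req.ctime) > SKEW:
            return "KRB5KRB_AP_ERR_SKEW"
        key = req.replay_key()
        if self.use_lookaside and key in self.lookaside:
            # Retransmission: repeat the original reply instead of reprocessing.
            return self.lookaside[key][1]
        digest = hashlib.sha256(req.new_password.encode()).hexdigest()
        if digest in self.history.get(req.client, []):
            reply = "KRB5_KPASSWD_HARDERROR: password is in history"
        else:
            self.history.setdefault(req.client, []).append(digest)
            reply = "KRB5_KPASSWD_SUCCESS"
        if self.use_lookaside:
            # Keep the reply for as long as the authenticator itself stays valid.
            self.lookaside[key] = (req.ctime + SKEW, reply)
        return reply
```

Without the lookaside cache, the same retransmitted request hits the history check and fails, which is the behaviour Ken describes.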
