How does Kerberos' preauthentication increase security?
Mar 15, 2026 · 15958 views
Problem
This FAQ entry (and the RFC itself) states that pre-authentication addresses a weakness in initial implementations of Kerberos that made it vulnerable to offline dictionary attacks. The FAQ states: The simplest form of preauthentication is known as PA-ENC-TIMESTAMP. This is simply the current timest…
Fix for: How does Kerberos' preauthentication increase security?
When you do not enforce pre-authentication, the attacker can directly send a dummy request for authentication. The KDC will return an encrypted TGT, and the attacker can brute force it offline. You will see nothing in your KDC logs except a single r…
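The check that PA-ENC-TIMESTAMP adds at the KDC, as an added example (not part of the original question or answer, and not code from any Kerberos implementation). The `seal`/`unseal` cipher is a toy stand-in for a real encryption type, and the principal, password and function names are constructed for illustration.

```python
import hashlib, hmac, os, struct, time

MAX_SKEW = 300  # seconds; five minutes is the usual Kerberos default
PREAUTH_REQUIRED = "KDC_ERR_PREAUTH_REQUIRED"
PREAUTH_FAILED = "KDC_ERR_PREAUTH_FAILED"
SKEW = "KRB_AP_ERR_SKEW"

def string_to_key(password, salt):
    # Simplified: PBKDF2 only; the real AES string-to-key adds a further step.
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt.encode(), 4096, 32)

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Toy keystream from HMAC in counter mode (stand-in, not a Kerberos etype).
    blocks = (len(data) + 31) // 32
    ks = b"".join(_mac(key, nonce + struct.pack(">I", i)) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + ct + _mac(key, nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(tag, _mac(key, nonce + ct)):
        return None  # wrong key or tampered data
    return _xor_stream(key, nonce, ct)

def pa_enc_timestamp(key, now=None):
    # Client side: current time encrypted under the password-derived key.
    return seal(key, struct.pack(">Q", int(time.time() if now is None else now)))

def kdc_as_req(db, principal, padata=None, require_preauth=True, now=None):
    key = db[principal]
    now = time.time() if now is None else now
    if require_preauth:
        if padata is None:
            return PREAUTH_REQUIRED, None  # nothing keyed by the password leaves the KDC
        ts = unseal(key, padata)
        if ts is None or len(ts) != 8:
            return PREAUTH_FAILED, None  # a loggable failed attempt
        if abs(struct.unpack(">Q", ts)[0] - now) > MAX_SKEW:
            return SKEW, None  # stale or replayed timestamp
    # Reply part encrypted under the user's key (constructed placeholder content).
    return "AS-REP", seal(key, b"session key + ticket info")

# Constructed sample database: one principal, salt = realm + name.
DB = {"alice@EXAMPLE.TEST": string_to_key("correct horse", "EXAMPLE.TESTalice")}
```

With `require_preauth=False` any requester receives data sealed under the user's key; with it enabled, each wrong guess has to go through the KDC and shows up as a failed request. Strong passwords still matter, because the encrypted timestamp in a legitimate request is itself keyed by the password.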