Re: Kerberos login sniffer and cracker for Windows 2000/XP

From: Frank O'Dwyer (fod@LITTLECATZ.COM)
Date: 12/01/02

  • Next message: John Stanners: "Attachment blocking with Gordano Messaging Suite"
    Date:         Sun, 1 Dec 2002 11:23:20 -0000
    From: Frank O'Dwyer <fod@LITTLECATZ.COM>

    > I've coded a simple Kerberos login sniffer and cracker for Windows 2000/XP
    > that you might find useful. You can find it for download at:
    > Regards /Arne

    This should shed some light on the 'full disclosure' debate.

    The vulnerability used by this thing, and the associated fixes, are well
    known and documented in the literature for over a decade. I and others have
    been banging on about it for years. Several papers, including one of my own,
    have been written in an attempt to hammer home the message that tools like
    this one were possible and simply a matter of time.

    And yet somehow 1000s of admins have STILL got the message that Kerberos is
    'unsniffable'. There doesn't seem to have been any urgency from vendors to
    correct this impression, never mind the vulnerability itself. Instead
    solutions to the problem are currently quietly and slowly wending their way
    through the IETF process.

    What will happen now? Will there be a sudden scramble to implement fixes now
    that this tool has been announced? This guy hasn't put a nice GUI on the
    tool. Yet. Will we have to wait for that?

    After all the 'full disclosure' to and fro, is this sort of nonsense STILL
    what it takes to get information into the hands of users, and obvious
    security issues treated with urgency?

    Frank O'Dwyer

    Delivery co-sponsored by TruSecure Corporation
    Demonstrate your knowledge and understanding of core IT Security, become
    TICSA certified.

    Are you responsible for IT security in job function, but not necessarily
    in title? Do you want to prove your IT security knowledge and increase
    opportunities? Interested? Visit;

    for more information.