[32050] in Kerberos
Question about cryptographic protection of message fields
daemon@ATHENA.MIT.EDU (Fernando Pereñí)
Mon Feb 15 17:11:41 2010
From: Fernando Pereñíguez Garcia <pereniguez@um.es>
Date: Mon, 15 Feb 2010 14:51:55 +0100
Message-Id: <BEB82929-808F-4C02-A3E7-7E14409BACAA@um.es>
To: kerberos@mit.edu
Hi all,
Looking into the Kerberos specification and the MIT implementation, I've found that not all the fields defined in the Kerberos messages are cryptographically protected. For example, in the KDC-REQ/KDC-REP, the padata field is sent in the clear and (at least) is not integrity protected. Therefore, an attacker can change the information contained in any of these fields and the client is not able to detect this attack. For this reason, I was wondering if my conclusions are right.
Thanks in advance,
Fernando.
---
------------------------------------------------------
Fernando Pereñíguez García
Dept. Information and Communications Engineering (DIIC)
Faculty of Computer Science
University of Murcia
30100 Murcia - Spain
Phone: +34 868 887882
E-mail: pereniguez@um.es
------------------------------------------------------
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos