[6690] in Kerberos

Re: Kerberos Weakness (COAST Findings)

daemon@ATHENA.MIT.EDU (Jonathan Kamens)
Sun Feb 18 13:07:55 1996

To: kerberos@MIT.EDU
Date: 18 Feb 1996 17:59:29 GMT
From: jik@annex-1-slip-jik.cam.ov.com (Jonathan Kamens)

In article <w13f8861ta.fsf@uther.cs.purdue.edu>, spaf@cs.purdue.edu (Gene Spafford) writes:
|>   5) The attack against Kerberos 5 appears to be of theoretical
|> interest only, as it requires extensive computational resources to
|> exploit.  In any event, I have discussed a fix for this with Ted Ts'o
|> and there are several ways to eliminate the threat, at least one of
|> which is likely to be included in future releases of version 5.

Is an MIT Kerberos V5 KDC running with Kerberos V4 compatibility (i.e.,
responding to V4 requests) vulnerable to this attack?

I suppose another way to ask the same question is, "Does the attack exploit a
vulnerability in the V4 protocol or its implementation?"
