[6722] in Kerberos


Re: Kerberos Weakness (COAST Findings)

daemon@ATHENA.MIT.EDU (John Hascall)
Wed Feb 21 15:19:16 1996

To: kerberos@MIT.EDU
Date: 21 Feb 1996 17:48:59 GMT
From: john@iastate.edu (John Hascall)

Michael Sierchio  <kudzu@dnai.com> wrote:
}Steve Lodin wrote:
}> 
}> There is information available on the Kerberos vulnerability incident at:
}
}I am not sure, but I believe that this is nothing new.  Steve Bellovin at
}AT&T had a paper a number of years ago on weaknesses in the Kerberos
}Authentication Suite.

   I don't recall it being in the Bellovin paper, but
   it's definitely not new.  Anyone who has looked at
   that section of the code has surely had the flaw
   practically leap out and slap them in the face.

   It's been fixed in (at least) a couple of commercial KrbIV
   implementations for years.

John
-- 
John Hascall                ``An ill-chosen word is the fool's messenger.''
Moderator, comp.unix.wizards
Systems Software Engineer, ISU Comp Center + Ames, IA  50011 + 515/294-9551
<a href="http://www.cc.iastate.edu/staff/systems/john/">My Homepage</a>
