[12100] in Kerberos-V5-bugs
[krbdev.mit.edu #6967] Kerberos weakness
daemon@ATHENA.MIT.EDU (Shelby@krbdev.MIT.EDU, James " via)
Fri Sep 30 13:15:03 2011
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: Shelby@krbdev.MIT.EDU, James " via RT" <rt-comment@krbdev.MIT.EDU>
In-Reply-To: <rt-6967@krbdev.mit.edu>
Message-ID: <rt-6967-34299.1.10955590390638@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #6967'":;"'AdminCc of krbdev.mit.edu Ticket #6967'":;@MIT.EDU
Date: Fri, 30 Sep 2011 13:09:01 -0400 (EDT)
Reply-To: rt-comment@krbdev.MIT.EDU
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
Is there a reason that the current Kerberos allows a KRB5CCNAME file to be created instead of being in memory? This appears to be a weak link in the security of the Kerberos protocol as the file can be moved from system and allow passwordless access to resources the account has access to. If crafted correctly, a compromised system could modify the /etc/krb5.conf file to allow maximum ticket life and renewal then capture keys on the multiuser/compromised system and allow the keys to be moved from system to system with full access. Shouldn't the Kerberos tickets be stored in protected memory somehow or in a more secure way?
James Shelby
NREL - Linux Desktop Integrations
(303) 275-3298 Desk/Cell
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
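
A defender-side check for the situation the message describes, added here as an example that is not part of the original message or of MIT krb5: it classifies a KRB5CCNAME value and, for a file cache, reports permissions or ownership that would let another local account read and copy it. The function names and the fallback cache path are assumptions made for illustration.

```python
import os
import stat

# ccache types that keep tickets in ordinary files on disk.
FILE_BACKED = {"FILE", "DIR"}

def parse_ccname(value):
    """Split a KRB5CCNAME value into (type, residual); a bare path is a FILE cache."""
    if ":" in value and not value.startswith("/"):
        ctype, residual = value.split(":", 1)
        return ctype.upper(), residual
    return "FILE", value

def audit_ccache(value, expected_uid=None):
    """Return findings for the cache named by a KRB5CCNAME value ([] if none apply)."""
    ctype, path = parse_ccname(value)
    if ctype not in FILE_BACKED:
        return []  # e.g. MEMORY: or KEYRING:, no file for this check to inspect
    findings = [f"{ctype} cache keeps tickets on disk at {path}"]
    if ctype == "DIR":
        return findings
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink planted at the path
    except FileNotFoundError:
        return findings + ["cache file does not exist"]
    if not stat.S_ISREG(st.st_mode):
        findings.append("cache path is not a regular file")
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:04o} lets group/other access the cache")
    uid = os.getuid() if expected_uid is None else expected_uid
    if st.st_uid != uid:
        findings.append(f"owner uid {st.st_uid} is not the expected uid {uid}")
    return findings

if __name__ == "__main__":
    # Audit the cache the current session points at; the fallback path is the
    # conventional per-uid FILE cache location (an assumption for this example).
    name = os.environ.get("KRB5CCNAME", f"FILE:/tmp/krb5cc_{os.getuid()}")
    for line in audit_ccache(name):
        print(line)
```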