[2821] in Kerberos-V5-bugs
krb5-appl/500: kshd does not check checksums by default
daemon@ATHENA.MIT.EDU (ghudson@MIT.EDU)
Mon Nov 17 15:48:25 1997
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, ghudson@MIT.EDU
Date: Mon, 17 Nov 1997 15:47:18 -0500
From: ghudson@MIT.EDU
Reply-To: ghudson@MIT.EDU
To: krb5-bugs@MIT.EDU
>Number: 500
>Category: krb5-appl
>Synopsis: kshd is open to replay attacks by default
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Mon Nov 17 15:48:01 EST 1997
>Last-Modified:
>Originator: Greg Hudson
>Organization:
MIT
>Release: 1.0
>Environment:
System: SunOS small-gods 5.5.1 Generic_103640-12 sun4m sparc SUNW,SPARCstation-5
Architecture: sun4
>Description:
The logic surrounding krb5_checksum_required and
krb5_checksum_ignored has changed several times, but it wound up
broken. According to Sam, the default behavior is supposed to be:
If an authenticator has a checksum, it is checked.
This way, if you always use checksums in your rsh requests, you're
okay, and if you have an old client, you're vulnerable to replay
attacks but you can still use kshd. Unfortunately, the default
behavior actually is:
Checksums are never checked.
So unless you give kshd the -c option, you are vulnerable to replay
attacks even if clients are using perfectly good, checksummed
authenticators.
>How-To-Repeat:
>Fix:
None provided. Someone should look at the code *carefully*, and make
it do the right thing; this problem arose because people made careless
changes to security-critical logic.
>Audit-Trail:
>Unformatted:
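The policy the report describes can be written down as a small decision function, which makes the gap between the intended and the shipped behaviour easy to see and to test. The block below is an added illustration, not code from krb5-appl or from Greg Hudson's report: the checksum is modelled as an HMAC over a constructed request body with a constructed session key (the real kshd uses a Kerberos keyed checksum over the rsh request), the two flags mirror the krb5_checksum_required / krb5_checksum_ignored settings named in the report, and the mapping of the -c option to checksum_required is an assumption drawn from the report's wording.

```python
import hmac
import hashlib

# Constructed sample data; not the real kshd request layout or a real session key.
SESSION_KEY = b"constructed-session-key"
REQUEST_BODY = b"port:1022\x00cmd:ls -l\x00"          # the request the client actually sent
REPLAYED_BODY = b"port:1022\x00cmd:cat secret\x00"    # same authenticator, different request


def make_checksum(session_key: bytes, request_body: bytes) -> bytes:
    """Keyed checksum binding an authenticator to one request body (HMAC stands in
    for the Kerberos keyed checksum here)."""
    return hmac.new(session_key, request_body, hashlib.sha256).digest()


def intended_policy(authenticator: dict, session_key: bytes, request_body: bytes,
                    checksum_required: bool = False, checksum_ignored: bool = False) -> bool:
    """The behaviour the report says kshd is supposed to have by default:
    a checksum that is present is always verified; a missing checksum is
    tolerated unless -c (checksum_required, assumed mapping) was given."""
    if checksum_ignored:
        return True                      # operator explicitly turned checking off
    cksum = authenticator.get("checksum")
    if cksum is None:
        return not checksum_required     # old client: allowed only when not required
    return hmac.compare_digest(cksum, make_checksum(session_key, request_body))


def broken_policy(authenticator: dict, session_key: bytes, request_body: bytes,
                  checksum_required: bool = False, checksum_ignored: bool = False) -> bool:
    """The defect the report describes: without -c the checksum is never examined,
    so a perfectly good checksummed authenticator buys the client nothing."""
    if checksum_ignored or not checksum_required:
        return True                      # checksum silently skipped
    cksum = authenticator.get("checksum")
    if cksum is None:
        return False
    return hmac.compare_digest(cksum, make_checksum(session_key, request_body))


def compare_defaults() -> dict:
    """Run both policies with default flags on a checksummed authenticator that is
    presented with a body other than the one it was computed over."""
    auth = {"checksum": make_checksum(SESSION_KEY, REQUEST_BODY)}
    return {
        "intended_accepts_original": intended_policy(auth, SESSION_KEY, REQUEST_BODY),
        "intended_accepts_replayed": intended_policy(auth, SESSION_KEY, REPLAYED_BODY),
        "broken_accepts_replayed": broken_policy(auth, SESSION_KEY, REPLAYED_BODY),
        "broken_with_c_accepts_replayed": broken_policy(auth, SESSION_KEY, REPLAYED_BODY,
                                                        checksum_required=True),
    }


if __name__ == "__main__":
    for name, verdict in compare_defaults().items():
        print(f"{name}: {verdict}")
```

The only difference between the two functions is the first branch: the intended policy decides what to do with a *missing* checksum and always verifies a *present* one, while the broken policy decides whether to look at the checksum at all. That is the kind of inversion a careful reading of the real code has to rule out, and a table of cases like the one in compare_defaults() is a cheap regression check to keep next to it.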