[1011] in Kerberos_V5_Development


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Transarc on the kerberos hole

daemon@ATHENA.MIT.EDU (Richard Basch)
Mon Feb 19 22:39:47 1996

Date: Mon, 19 Feb 1996 22:39:27 -0500
From: basch@lehman.com (Richard Basch)
To: krbdev@MIT.EDU

I described to Transarc the problem... Their session key generator is not
vulnerable, however, the kaserver KDB creation does have a similar hole.
In fact, I described the hole to them three years ago, but I have just
re-iterated it to them...  I broke their kaserver creation a long time ago,
with exactly the same technique (it creates the krbtgt and AuthServer.Admin
keys based on the same weak sources).

-Richard


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[1011] in Kerberos_V5_Development

Re: Transarc on the kerberos hole

daemon@ATHENA.MIT.EDU (Richard Basch)Mon Feb 19 22:39:47 1996

daemon@ATHENA.MIT.EDU (Richard Basch)
Mon Feb 19 22:39:47 1996