Kerberos Authentication Spoofing: A Quick Look

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

 

Since authentication is the first line of defence for security systems, a threat actor who gets past it can do pretty much whatever they want. Threat actors can log in as administrators and change configurations, get access to protected resources, and take control of appliances in order to steal sensitive data.
Silverfort discovered that all four security systems they examined – Cisco ASA, F5 Big-IP, IBM QRadar, and Palo Alto Networks PAN-OS – had bypass vulnerabilities due to the way they implemented the Kerberos and LDAP authentication protocols.
Kerberos was first introduced by Microsoft in Windows 2000. It’s also become the industry standard for websites and Single-Sign-On implementations on a variety of platforms. Kerberos is an open-source project maintained by the Kerberos Consortium. Microsoft Windows presently uses Kerberos authentication as its default authorization method, and Kerberos implementations are available for Apple OS, FreeBSD, UNIX, and Linux. 
The Kerberos authentication protocol works as follows:
 • The client asks the Key Distribution Center (KDC) for an authentication ticket (TGT). 
 • The KDC checks the credentials and returns an encrypted TGT as well as the session key.
 • The Ticket Granting Service (TGS) secret key is used to encrypt the TGT. 
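
The three steps above as a runnable model (an added example, not code from the original article or from any Kerberos implementation). The `seal`/`unseal` toy cipher, the PBKDF2 key derivation, the encrypted-timestamp credential check and all names are assumptions chosen to keep it standard-library only.

```python
import hashlib, hmac, json, os, time

def derive_key(password, salt):
    # Stand-in for Kerberos string-to-key: long-term key from password + salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)

def keystream(key, nonce, n):
    blocks = (hmac.digest(key, nonce + i.to_bytes(4, "big"), "sha256") for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    # Toy encrypt-then-MAC, NOT a Kerberos enctype; illustration only.
    ek, mk = hmac.digest(key, b"enc", "sha256"), hmac.digest(key, b"mac", "sha256")
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, keystream(ek, nonce, len(pt))))
    return nonce + ct + hmac.digest(mk, nonce + ct, "sha256")

def unseal(key, blob):
    ek, mk = hmac.digest(key, b"enc", "sha256"), hmac.digest(key, b"mac", "sha256")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.digest(mk, nonce + ct, "sha256")):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(ek, nonce, len(ct)))))

class KDC:
    def __init__(self, realm):
        self.realm, self.users = realm, {}
        self.tgs_key = os.urandom(32)          # TGS secret key, known only to the KDC

    def add_user(self, name, password):
        self.users[name] = derive_key(password, self.realm + name)

    def as_exchange(self, name, preauth):
        # Check credentials: the timestamp must unseal under the user's long-term key.
        if abs(time.time() - unseal(self.users[name], preauth)["ts"]) > 300:
            raise ValueError("stale pre-authentication timestamp")
        session_key = os.urandom(32).hex()
        # The TGT is sealed under the TGS key, so the client cannot read or alter it.
        tgt = seal(self.tgs_key, {"client": name, "session_key": session_key})
        # The client's copy of the session key is sealed under the client's own key.
        return tgt, seal(self.users[name], {"session_key": session_key})

def client_login(kdc, name, password):
    key = derive_key(password, kdc.realm + name)
    tgt, enc_part = kdc.as_exchange(name, seal(key, {"ts": time.time()}))
    return tgt, unseal(key, enc_part)["session_key"]
```

The client ends up holding a TGT it cannot open plus a session key it can, and only the TGS key recovers the matching session key from inside the ticket.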