lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Aug 2010 19:51:51 +0200 From: Tommaso Malgherini <mamaragan@...il.com> To: bugtraq <bugtraq@...urityfocus.com> Subject: Windows Kerberos Authentication Bypass OVERVIEW: A vulnerability was found in all recent Windows operating systems. The attack allows a malicious user to physically login on a target host in a Kerberos-based network, under the assumption that he knows a valid user principal and has the ability to manipulate network traffic. Our research shows that all recent versions of the Microsoft Windows operating systems are vulnerable to the attack. AFFECTED SYSTEMS: Windows XP Service Pack 2 Windows Vista Service Pack 1 Windows 7 (using a Windows Server 2008 Domain Controller) INFO: More detailed info, with whitepaper and proof-of-concept code can be found at: http://secgroup.ext.dsi.unive.it/kerberos/
Powered by blists - more mailing lists