Kerberos allows attackers into corporate networks

Kerberos has lost some of its bite, according to the US government, which on Wednesday warned of a critical flaw that could allow hackers to circumvent the secure networking system.

Kerberos was invented by MIT and is used by many large businesses as a way of keeping their networks secure. It uses strong encryption to verify the identity of any machine using a networked resource.

On Wednesday the Computer Incident Advisory Capability (CIAC) of the US government Department of Energy issued the warning, which originated at MIT. The flaw allows an attacker to gain unauthorised access to the key distribution centre (KDC), which authenticates users, effectively compromising the security of the entire network.

The problem lies with software in MIT Kerberos 5 called kadmind4 (Kerberos v4 compatibility administration daemon), which allows compatibility with older administrative clients. A buffer stack overflow allows an attacker to use a specially-formed request to gain access to the KDC with the privileges of a user running kadmind4. Since this is typically the "root" or highest-level user, the attacker would be able to run any code or make any changes to the KDC.

All releases of MIT Kerberos 5 are affected, including version 5-1.2.6. All Kerberos 4 implementations derived from MIT Kerberos 4 are also vulnerable, MIT said.

The CIAC's bulletin, with links to a patch, is available here.

MIT credited Johan Danielsson and Love Hornquist-Astrand for discovering the problem and providing the initial patch.

Have your say instantly, and see what others have said. Go to the Security forum.

Let the editors know what you think in the Mailroom.