KrbOfferedEncryptionTypes setting isn't always respected #19126

smashery · 2024-04-24T02:52:34Z

The KrbOfferedEncryptionTypes setting isn't respected if there's already a "matching" ticket in the kerberos cache.

Steps to reproduce

Setup: clear the kerberos cache (klist -d)
Use a kerberos-supported module
Run the module with kerberos auth (should default to AES256)
Observe the communications in wireshark - will likely be AES256
Note that the kerberos cache now has tickets (klist)
Re-run the module, forcibly setting krbofferedencryptiontypes to RC4-HMAC
Observe the communications in wireshark - should be RC4-HMAC, but is actually AES256
Delete kerberos tickets: klist -d
Re-run the module, forcibly setting krbofferedencryptiontypes to RC4-HMAC
Observe the communications in wireshark - is now RC4-HMAC

If an encryption type is set that does not match tickets in the kerberos cache, it should re-request a Kerberos ticket OR warn the user about this edge case

Tested on metasploit commit: c9dfb7e

The text was updated successfully, but these errors were encountered:

Neustradamus · 2024-05-07T14:28:19Z

To follow :)

smashery added the bug label Apr 24, 2024

smashery mentioned this issue Apr 24, 2024

Ldap signing #19127

Merged

15 tasks