CVE-2019-12098 – Heimdal design limitation causes man-in-the-middle attack Vulnerability – 20th May 2019

Preface: Before Kerberos, Microsoft used an authentication technology called NTLM.

Technical background: The biggest difference between the two systems is the third-party verification and stronger encryption capability in Kerberos. Kerberos version 4 was targeted at Project Athena in 80s. Neuman and Kohl published version 5 in 1993 to improve the limitations and enhance the security.
Heimdal is an implementation of Kerberos 5 and large footprint in Sweden.

About PKINIT:
Specifies the Public Key Cryptography for Initial Authentication (PKINIT) in Kerberos Protocol. This protocol enables the use of public key cryptography in the initial authentication exchange of the Kerberos Protocol (PKINIT) and specifies the Windows implementation of PKINIT where it differs from [RFC4556].

Vulnerability Details:
RFC8062 Section 7 requires verification of the PA-PKINIT-KX key exchange when anonymous PKINIT is used. Failure to do so can permit an active attacker to conduct MITM.

Comment: This vulnerability not only happen in Heimdal open source product. Believe that it will have more vendor report similar problem afterwards. Heimdal has released updates via following link: https://github.com/heimdal/heimdal/tags

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.