Using the controversial security protocol Kerberos exposes network systems to attacks by hackers, a security analyst has warned.
Researcher NTA Monitor found that current versions of Kerberos released by its key developer, MIT, contain several high-risk security vulnerabilities.
Kerberos is widely used for secure user identification on Unix platforms.
The protocol is an open security standard for strongly encrypted user authentication. It secures passwords sent over a network by encrypting them both on and off the server.
NTA Monitor analyst Deri Jones said server components in versions four and five of Kerberos contain flaws that could allow attackers to gain root access to Kerberos servers and execute shell commands. Other vulnerabilities include buffer overflows and denial-of-service flaws.
Jones said that because MIT is the key developer of the protocol, "its implementation would be widespread across security products such as firewalls and VPNs." He said that if intruders were able to access dedicated Kerberos servers, "it would be very embarrassing for companies," because the technology works on a client-server model.
MIT has said that it plans to release a patch addressing the flaws, which will bring the version up to 5.12. Vendors who incorporate MIT's version of Kerberos into their software are also developing patches, to be released through their websites.
Jones said MIT's patch would be the most crucial because other vendors will base theirs upon it "and are typically one or two versions behind the current anyway."
Microsoft recently developed an implementation for Windows 2000, which fuelled other developers' anger because it contained modified code that Microsoft did not release to the public, theoretically breaching open-source guidelines.