Vulnerability Note VU#390280

KTH Kerberos Telnet implementations do not strictly enforce client encryption request

Overview

A vulnerability exists in the KTH Kerberos IV and Kerberos V (Heimdal) Telnet implementations. When a KTH Kerberos Telnet client requests data encryption and the server does not appear to support it, the client establishes the connection with no encryption instead of failing. An attacker positioned on the network path between client and server can then capture and read the contents of the Telnet session.

I. Description

When a user requests an encrypted Kerberos Telnet connection, and encryption cannot be negotiated, the KTH Kerberos IV and Kerberos V (Heimdal) Telnet client implementations proceed to establish the connection using no encryption, transmitting data in clear text. Simon Josefsson has published a paper describing several active man-in-the-middle attacks against the Kerberos Telnet protocol. An underlying vulnerability in the protocol [VU#774587] lets an active man-in-the-middle attacker modify encryption options sent from the server to the client, making it appear that the server does not support encryption. In addition, the attacker can intercept warnings from the server that encryption is not enabled. When a user requests encryption and the server does not appear to support it, the KTH Kerberos Telnet client implementations continue negotiation and establish a connection with no encryption. One defense against this type of attack is for the Kerberos Telnet client to strictly enforce the user's request to encrypt the data stream and terminate the connection if encryption cannot be established.

II. Impact

An attacker with the ability to modify Kerberos Telnet negotiation commands sent from server to client may be able to cause the connection to negotiate less secure authentication and encryption options, including no encryption. The attacker may then be able to read data that the user presumes to be securely encrypted.

III. Solution

Enforce Client Encryption Preference

One defense against the attacks described in Josefsson's paper is to strictly enforce the client's preferences and abort the connection if authentication or encryption cannot be negotiated. The following is an excerpt from a man page entry for a BSD-derived telnet command option to enable data encryption:

    -x  Turn on encryption of the data stream.  When this option is turned on,
        telnet will exit with an error if authentication cannot be negotiated or
        if encryption cannot be turned on.

Josefsson references a patch for the KTH Kerberos V (Heimdal) implementation that enforces the client's encryption preference.
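To make the two client behaviours concrete, the following is an added example written for this note; it is not code from the KTH or Heimdal telnet sources. It models only the client's decision after the server's WILL/WONT answers to DO AUTHENTICATION and DO ENCRYPT arrive (real encryption setup continues with ENCRYPT suboptions, which are left out), and the sample replies are constructed.

```python
# Telnet command and option codes (RFC 854, RFC 2941 AUTHENTICATION, RFC 2946 ENCRYPT)
IAC, WILL, WONT, DO, DONT = 255, 251, 252, 253, 254
OPT_AUTHENTICATION, OPT_ENCRYPT = 37, 38
VERBS = {WILL: "WILL", WONT: "WONT", DO: "DO", DONT: "DONT"}


def parse_negotiation(stream: bytes) -> list[tuple[str, int]]:
    """Extract (verb, option) pairs from IAC <verb> <option> triples; other bytes are skipped."""
    cmds, i = [], 0
    while i < len(stream):
        if stream[i] == IAC and i + 2 < len(stream) and stream[i + 1] in VERBS:
            cmds.append((VERBS[stream[i + 1]], stream[i + 2]))
            i += 3
        else:
            i += 1
    return cmds


def client_decision(server_reply: bytes, strict: bool) -> str:
    """Decide what the client does once the peer has answered DO AUTHENTICATION / DO ENCRYPT.

    Returns "encrypted" when both options were accepted, "cleartext" when a lenient
    client continues without them, and "abort" when a client enforcing the user's
    -x request refuses. Anything other than an explicit WILL (a WONT, or the option
    missing from the reply entirely) is treated as "not supported", which is exactly
    what the client sees when the server's options are altered in transit.
    """
    cmds = set(parse_negotiation(server_reply))
    auth_ok = ("WILL", OPT_AUTHENTICATION) in cmds
    enc_ok = ("WILL", OPT_ENCRYPT) in cmds
    if auth_ok and enc_ok:
        return "encrypted"
    if strict:
        return "abort"      # telnet -x: exit with an error rather than fall back
    return "cleartext"      # the behaviour this note describes


# Constructed sample replies, as the client would read them off the wire.
HONEST_REPLY = bytes([IAC, WILL, OPT_AUTHENTICATION, IAC, WILL, OPT_ENCRYPT])
DOWNGRADED_REPLY = bytes([IAC, WILL, OPT_AUTHENTICATION, IAC, WONT, OPT_ENCRYPT])
STRIPPED_REPLY = bytes([IAC, WILL, OPT_AUTHENTICATION])  # ENCRYPT answer never arrives

if __name__ == "__main__":
    for name, reply in (("honest", HONEST_REPLY), ("downgraded", DOWNGRADED_REPLY),
                        ("stripped", STRIPPED_REPLY)):
        print(f"{name:10s} lenient={client_decision(reply, False):9s} "
              f"strict={client_decision(reply, True)}")
```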

Confirm Data Encryption

Confirm that Telnet data is encrypted using a network sniffer.

Systems Affected

Vendor                           Status          Date Notified / Date Updated
BSDi                             Unknown         10-Feb-2002
FreeBSD                          Unknown         10-Feb-2002
KTH Kerberos Development Team    Vulnerable      15-Apr-2002
MIT Kerberos Development Team    Not Vulnerable  10-Feb-2002
NetBSD                           Unknown         10-Feb-2002
OpenBSD                          Unknown         10-Feb-2002

References

VU#774587
http://josefsson.org/ktelnet/
http://www.pdc.kth.se/kth-krb/
http://www.pdc.kth.se/heimdal/

Credit

The CERT Coordination Center thanks Simon Josefsson for information used in this document.

This document was written by Art Manion.

Other Information

Date Public: 2001-09-12
Date First Published: 2002-02-11
Date Last Updated: 2002-04-15
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Severity Metric: 5.22
Document Revision: 31

Copyright 2002 Carnegie Mellon University