US-CERT Vulnerability Notes Database

Vulnerability Note VU#477341

Microsoft PKINIT smart card logon vulnerable to information disclosure and spoofing

Overview

Microsoft PKINIT smart card authentication is vulnerable to an information disclosure flaw that may allow an attacker to spoof a trusted server.

I. Description

From the Microsoft PKINIT description:

    PKINIT is an Internet Engineering Task Force (IETF) Internet Draft for "Public Key Cryptography for Initial Authentication in Kerberos." Windows 2000 and later uses draft 9 of the IETF "Public Key Cryptography for Initial Authentication in Kerberos" Internet Draft. Windows uses this protocol when you use a smart card for interactive logon. IETF Internet Drafts are available at the following IETF Web site.

When PKINIT smart card authentication is used, an attacker who can insert themselves into an authentication session between a user and a domain controller may be able to exploit this flaw. After exploiting it, the attacker may spoof the application server to the targeted client. The flaw stems from a weakness in the design of the older PKINIT draft specification that Windows implements, not from a coding error in any single component.

Both the attacker and the target user must have their accounts enabled for smart card authentication. The attacker must already have valid logon credentials in order to successfully exploit the flaw.

II. Impact

A remote, authenticated attacker who is able to intercept an authentication session between a user and a domain controller may be able to obtain confidential information and spoof a trusted application server to the targeted user.

III. Solution

Apply An Update

Please see Microsoft Security Bulletin MS05-042 for information on fixes, updates, and workarounds.

Systems Affected

Vendor                          Status          Date Notified / Date Updated
Apple Computer, Inc.            Not Vulnerable  9-Nov-2005
Heimdal Kerberos Project        Not Vulnerable  9-Nov-2005
KTH Kerberos Team               Not Vulnerable  9-Nov-2005
Microsoft Corporation           Vulnerable      9-Aug-2005
MIT Kerberos Development Team   Not Vulnerable  9-Nov-2005

References


http://www.microsoft.com/technet/security/bulletin/MS05-042.mspx
http://secunia.com/advisories/16368/

Credit

Thanks to Microsoft for reporting this vulnerability. Microsoft in turn thanks Andre Scedrov and his team: Iliano Cervesato, Aaron Jaggard, Joe-Kai Tsay, and Chris Walstad.

This document was written by Ken MacInnis.

Other Information

Date Public: 2005-08-09
Date First Published: 2005-11-09
Date Last Updated: 2005-11-09
CERT Advisory:
CVE-ID(s): CAN-2005-1982
NVD-ID(s): CAN-2005-1982
US-CERT Technical Alerts:
Metric: 4.56
Document Revision: 11

Produced 2005 by US-CERT, a government organization