A vulnerability exists in the KTH Kerberos IV and Kerberos V (Heimdal) Telnet implementations. When a KTH Kerberos Telnet client requests data encryption and the server does not appear to support it, the client will establish the connection using no encryption. A properly located attacker can then capture and read the contents of the Telnet session.
When a user requests an encrypted Kerberos Telnet connection, and encryption cannot be negotiated, the KTH Kerberos IV and Kerberos V (Heimdal) Telnet client implementations proceed to establish the connection using no encryption, transmitting data in clear text. Simon Josefsson has published a paper describing several active man-in-the-middle attacks against the Kerberos Telnet protocol. An underlying vulnerability in the protocol [VU#774587] lets an active man-in-the-middle attacker modify encryption options sent from the server to the client, making it appear that the server does not support encryption. In addition, the attacker can intercept warnings from the server that encryption is not enabled. When a user requests encryption and the server does not appear to support it, the KTH Kerberos Telnet client implementations continue negotiation and establish a connection with no encryption. One defense against this type of attack is for the Kerberos Telnet client to strictly enforce the user's request to encrypt the data stream and terminate the connection if encryption cannot be established.
An attacker with the ability to modify Kerberos Telnet negotiation commands sent from server to client may be able to cause the connection to negotiate less secure authentication and encryption options, including no encryption. The attacker may then be able to read data that the user presumes to be securely encrypted.
Enforce Client Encryption Preference
One defense against the attacks described in Josefsson's paper is to strictly enforce the client's preferences and abort the connection if authentication or encryption cannot be negotiated. The following is an excerpt from a man page entry for a BSD-derived telnet command option to enable data encryption:
The CERT Coordination Center thanks Simon Josefsson for information used in this document.
This document was written by Art Manion.
|Date First Published:
|Date Last Updated:
|2002-04-15 20:21 UTC