Difference between revisions of "Security/Dollar Ticket Attack"

From SambaWiki
(more documentation links)
Line 1: Line 1:
 
=The "Dollar Ticket Attack" / Name confusion in Kerberos=
 
=The "Dollar Ticket Attack" / Name confusion in Kerberos=
   
This page attempts to document the "Dollar Ticket Attack" on Active Directory. There are many other security issues, some related, that come form the same tree, including:
+
This page attempts to document the "Dollar Ticket Attack" on Active Directory servers and clients.
  +
  +
== Other related issues ==
  +
There are many other security issues, some related, that come form the same tree, including:
   
 
* [https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4?gi=5613c787ced6 Certifried: Active Directory Domain Privilege Escalation (CVE-2022–26923)]
 
* [https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4?gi=5613c787ced6 Certifried: Active Directory Domain Privilege Escalation (CVE-2022–26923)]
   
== CVEs and Announcements ==
+
== CVEs and Announcements of the Nov 2021 issues ==
   
 
* [https://www.samba.org/samba/security/CVE-2020-25717.html Samba CVE-2020-25717 A user in an AD Domain could become root on domain members]
 
* [https://www.samba.org/samba/security/CVE-2020-25717.html Samba CVE-2020-25717 A user in an AD Domain could become root on domain members]
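Review bot: the sentence moved under "== Other related issues ==" still carries the typo from the old introduction, "come form the same tree"; it should read "come from the same tree". Since the sentence is being relocated in this revision anyway, fix it in the same edit.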
Line 13: Line 16:
 
* [https://support.microsoft.com/en-us/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041 Microsoft CVE-2021-42287 KB5008380—Authentication updates]
 
* [https://support.microsoft.com/en-us/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041 Microsoft CVE-2021-42287 KB5008380—Authentication updates]
   
 
* [https://www.cert.govt.nz/it-specialists/advisories/critical-vulnerability-in-windows-kerberos-protocol/ CERT NZ Announcement of AD DC security issue and patch]
==== Announcements ====
 
 
[https://www.cert.govt.nz/it-specialists/advisories/critical-vulnerability-in-windows-kerberos-protocol/ CERT NZ Announcement of AD DC security issue and patch]
 
   
 
== Talks ==
 
== Talks ==
Line 25: Line 26:
 
== Blogs ==
 
== Blogs ==
   
https://www.catalyst.net.nz/blog/stay-curious-dollar-ticket-security-issue
+
* [https://www.catalyst.net.nz/blog/stay-curious-dollar-ticket-security-issue Stay Curious: Lessons from the Dollar-ticket security issue]
  +
* [https://www.catalyst.net.nz/blog/samba-team-fixes-microsoft-security-issue Catalyst Samba team fixes critical Microsoft security issue]
   
 
== Documentation ==
 
== Documentation ==
   
[https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-kile/6435d3fb-8cf6-4df5-a156-1277690ed59c MS-KILE 3.3.5.6.1 Client Principal Lookup]
+
* [https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-kile/6435d3fb-8cf6-4df5-a156-1277690ed59c MS-KILE 3.3.5.6.1 Client Principal Lookup]
  +
* [https://datatracker.ietf.org/doc/html/rfc4120 RFC 4120 The Kerberos Network Authentication Service (V5)]
  +
* [https://www.rfc-editor.org/rfc/rfc6806.html RFC6806 Kerberos Principal Name Canonicalization and Cross-Realm Referrals]
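Review bot: the two RFC entries added under "== Documentation ==" are labelled inconsistently: "RFC 4120" has a space and "RFC6806" does not, and the links point at two different hosts (datatracker.ietf.org and www.rfc-editor.org). Pick one label form and one host for both entries so the list reads uniformly alongside the MS-KILE item.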

Revision as of 00:34, 11 July 2022