Security/Dollar Ticket Attack: Difference between revisions

From SambaWiki
(more documentation links)
Line 1: Line 1:
=The "Dollar Ticket Attack" / Name confusion in Kerberos=
=The "Dollar Ticket Attack" / Name confusion in Kerberos=


This page attempts to document the "Dollar Ticket Attack" on Active Directory. There are many other security issues, some related, that come form the same tree, including:
This page attempts to document the "Dollar Ticket Attack" on Active Directory servers and clients.

== Other related issues ==
There are many other security issues, some related, that come form the same tree, including:


* [https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4?gi=5613c787ced6 Certifried: Active Directory Domain Privilege Escalation (CVE-2022–26923)]
* [https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4?gi=5613c787ced6 Certifried: Active Directory Domain Privilege Escalation (CVE-2022–26923)]


== CVEs and Announcements ==
== CVEs and Announcements of the Nov 2021 issues ==


* [https://www.samba.org/samba/security/CVE-2020-25717.html Samba CVE-2020-25717 A user in an AD Domain could become root on domain members]
* [https://www.samba.org/samba/security/CVE-2020-25717.html Samba CVE-2020-25717 A user in an AD Domain could become root on domain members]
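Review bot: the typo "come form the same tree" is carried over unchanged into the sentence under the new "Other related issues" heading; it should read "come from the same tree". That sentence also promises "many other security issues" while the list beneath it holds a single entry (Certifried), so either add the other related issues or reword it to match. The renamed heading "CVEs and Announcements of the Nov 2021 issues" now sits directly above a CVE-2020 identifier, so a short remark on why the identifier year differs from the heading would help readers.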
Line 13: Line 16:
* [https://support.microsoft.com/en-us/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041 Microsoft CVE-2021-42287 KB5008380—Authentication updates]
* [https://support.microsoft.com/en-us/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041 Microsoft CVE-2021-42287 KB5008380—Authentication updates]


* [https://www.cert.govt.nz/it-specialists/advisories/critical-vulnerability-in-windows-kerberos-protocol/ CERT NZ Announcement of AD DC security issue and patch]
==== Announcements ====

[https://www.cert.govt.nz/it-specialists/advisories/critical-vulnerability-in-windows-kerberos-protocol/ CERT NZ Announcement of AD DC security issue and patch]


== Talks ==
== Talks ==
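Review bot: the new "==== Announcements ====" heading is level 4 directly under a level 2 section, skipping level 3; "=== Announcements ===" would keep the outline consistent. The CERT NZ link below it also lost its leading "*" in the move, while the rest of this revision converts bare links into bulleted ones, so it should stay a list item.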
Line 25: Line 26:
== Blogs ==
== Blogs ==


https://www.catalyst.net.nz/blog/stay-curious-dollar-ticket-security-issue
* [https://www.catalyst.net.nz/blog/stay-curious-dollar-ticket-security-issue Stay Curious: Lessons from the Dollar-ticket security issue]
* [https://www.catalyst.net.nz/blog/samba-team-fixes-microsoft-security-issue Catalyst Samba team fixes critical Microsoft security issue]


== Documentation ==
== Documentation ==


[https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-kile/6435d3fb-8cf6-4df5-a156-1277690ed59c MS-KILE 3.3.5.6.1 Client Principal Lookup]
* [https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-kile/6435d3fb-8cf6-4df5-a156-1277690ed59c MS-KILE 3.3.5.6.1 Client Principal Lookup]
* [https://datatracker.ietf.org/doc/html/rfc4120 RFC 4120 The Kerberos Network Authentication Service (V5)]
* [https://www.rfc-editor.org/rfc/rfc6806.html RFC6806 Kerberos Principal Name Canonicalization and Cross-Realm Referrals]
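Review bot: the two RFC entries added under "Documentation" are labelled inconsistently ("RFC 4120" with a space, "RFC6806" without) and link to different hosts (datatracker.ietf.org and www.rfc-editor.org); pick one label style and one host for both. The new link titles in "Blogs" and "Documentation" are otherwise a clear improvement over the bare URLs they replace.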

Revision as of 00:34, 11 July 2022