Security/Dollar Ticket Attack: Difference between revisions
From SambaWiki
(more documentation links) |
|||
Line 1: | Line 1: | ||
=The "Dollar Ticket Attack" / Name confusion in Kerberos= |
=The "Dollar Ticket Attack" / Name confusion in Kerberos= |
||
This page attempts to document the "Dollar Ticket Attack" on Active Directory |
This page attempts to document the "Dollar Ticket Attack" on Active Directory servers and clients. |
||
== Other related issues == |
|||
There are many other security issues, some related, that come form the same tree, including: |
|||
* [https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4?gi=5613c787ced6 Certifried: Active Directory Domain Privilege Escalation (CVE-2022–26923)] |
* [https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4?gi=5613c787ced6 Certifried: Active Directory Domain Privilege Escalation (CVE-2022–26923)] |
||
== CVEs and Announcements == |
== CVEs and Announcements of the Nov 2021 issues == |
||
* [https://www.samba.org/samba/security/CVE-2020-25717.html Samba CVE-2020-25717 A user in an AD Domain could become root on domain members] |
* [https://www.samba.org/samba/security/CVE-2020-25717.html Samba CVE-2020-25717 A user in an AD Domain could become root on domain members] |
||
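Review bot: the sentence added under "Other related issues" has a typo: "come form the same tree" should read "come from the same tree". Suggest correcting it in the same edit, since the sentence introduces the new section.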
Line 13: | Line 16: | ||
* [https://support.microsoft.com/en-us/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041 Microsoft CVE-2021-42287 KB5008380—Authentication updates] |
* [https://support.microsoft.com/en-us/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041 Microsoft CVE-2021-42287 KB5008380—Authentication updates] |
||
⚫ | |||
==== Announcements ==== |
|||
⚫ | |||
== Talks == |
== Talks == |
||
Line 25: | Line 26: | ||
== Blogs == |
== Blogs == |
||
https://www.catalyst.net.nz/blog/stay-curious-dollar-ticket-security-issue |
* [https://www.catalyst.net.nz/blog/stay-curious-dollar-ticket-security-issue Stay Curious: Lessons from the Dollar-ticket security issue] |
||
* [https://www.catalyst.net.nz/blog/samba-team-fixes-microsoft-security-issue Catalyst Samba team fixes critical Microsoft security issue] |
|||
== Documentation == |
== Documentation == |
||
[https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-kile/6435d3fb-8cf6-4df5-a156-1277690ed59c MS-KILE 3.3.5.6.1 Client Principal Lookup] |
* [https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-kile/6435d3fb-8cf6-4df5-a156-1277690ed59c MS-KILE 3.3.5.6.1 Client Principal Lookup] |
||
* [https://datatracker.ietf.org/doc/html/rfc4120 RFC 4120 The Kerberos Network Authentication Service (V5)] |
|||
* [https://www.rfc-editor.org/rfc/rfc6806.html RFC6806 Kerberos Principal Name Canonicalization and Cross-Realm Referrals] |
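Review bot: the two RFC entries added to the Documentation list are labelled inconsistently: "RFC 4120" is written with a space and "RFC6806" without. Suggest using one form for both, and linking both through the same host rather than datatracker.ietf.org for one and www.rfc-editor.org for the other.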
Revision as of 00:34, 11 July 2022
The "Dollar Ticket Attack" / Name confusion in Kerberos
This page attempts to document the "Dollar Ticket Attack" on Active Directory servers and clients.
There are many other security issues, some related, that come from the same tree, including:
CVEs and Announcements of the Nov 2021 issues
Talks
- Kawaiicon: Live stream replay @ YouTube; PDF without embedded video (shorter, more focus on the remaining still-open issues)
Blogs
- Stay Curious: Lessons from the Dollar-ticket security issue
- Catalyst Samba team fixes critical Microsoft security issue