
New Kerberos Exploit for Bronze Bit attack Has Been Published


NetSPI security specialist Jake Karnes has published detailed information (1, 2) about the CVE-2020-17049 vulnerability, as well as an exploit for it, calling his attack Kerberos Bronze Bit.

The underlying bug was discovered and fixed back in the November Patch Tuesday release, but after installing the patches many customers experienced serious disruptions: enterprise domain controllers had problems with Kerberos authentication. As a result, in December Microsoft was forced to release additional fixes that resolved these problems.

Kerberos Exploit for CVE-2020-17049

Let me remind you that Kerberos long ago replaced NTLM and became the default authentication protocol for domain-joined devices in all versions of Windows above Windows 2000. In November, it became known that the CVE-2020-17049 vulnerability can be exploited remotely and is related to Kerberos Constrained Delegation (KCD).

Now, Karnes writes that the Bronze Bit attack he created is a variation of the older and well-known Golden Ticket and Silver Ticket attacks against Kerberos. Interestingly, the attack was named Bronze Bit rather than Bronze Ticket because it is based on flipping just one bit.

It is emphasized that all of the above are post-compromise techniques: they can be used only after the attacker has penetrated the company’s internal network. But if an attacker has infected at least one system on the company’s network and recovered the password hashes, they can use them to bypass and forge credentials for other systems on the same network, provided the network relies on the Kerberos authentication protocol. The difference between Golden Ticket, Silver Ticket, and Bronze Bit is which parts of the Kerberos protocol the attacker exploits.

In the case of Bronze Bit, the attacker targets the S4U2self and S4U2proxy protocols, which Microsoft added to Kerberos as extensions. Karnes' exploit bypasses two security mechanisms for Kerberos delegation at once and gives attackers the ability to move laterally around the network, escalate privileges, and impersonate other users.
