This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
APP:KERBEROS:KRB5-MITM-DES
|
Severity |
Major
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
APP
|
Keywords |
Kerberos MITM DES
|
Release Date |
2011/02/07
|
Update Number |
1861
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
APP: Kerberos MITM DES
This signature detects attempts to exploit a known vulnerability against Kerberos. Attackers can create a Man-in-the-Middle situation by lowering the supported encryption to only algorithms that can be easily cracked.
Extended Description
The Microsoft Windows implementation of Kerberos is prone to a security vulnerability that may allow attackers to downgrade the cipher suite.
Successful exploits may allow attackers to change the default encryption standard to DES. This may allow attackers to read and forge all Kerberos traffic in a session and impersonate legitimate users. Other attacks are also possible.
Affected Products
- Avaya aura_conferencing 6.0 SP1 Standard
- Avaya aura_conferencing 6.0 Standard
- Avaya callpilot 4.0
- Avaya callpilot 5.0
- Avaya communication_server_1000_telephony_manager 3.0
- Avaya communication_server_1000_telephony_manager 4.0
- Avaya meeting_exchange 5.0
- Avaya meeting_exchange 5.0.0.0.52
- Avaya meeting_exchange 5.0 SP1
- Avaya meeting_exchange 5.0 SP2
- Avaya meeting_exchange 5.1
- Avaya meeting_exchange 5.1 SP1
- Avaya meeting_exchange 5.2
- Avaya meeting_exchange 5.2 SP1
- Avaya meeting_exchange 5.2 SP2
- Avaya meeting_exchange-client_registration_server
- Avaya meeting_exchange-recording_server
- Avaya meeting_exchange-streaming_server
- Avaya meeting_exchange-web_conferencing_server
- Avaya meeting_exchange-webportal
- Avaya messaging_application_server 5
- Avaya messaging_application_server 5.2
- Microsoft windows 7
- Microsoft windows_7 Beta
- Microsoft windows_7 RC
- Microsoft windows_7_for_32-bit_systems SP1
- Microsoft windows_7_for_32-bit_systems
- Microsoft windows_7_for_itanium-based_systems
- Microsoft windows_7_for_x64-based_systems SP1
- Microsoft windows_7_for_x64-based_systems
- Microsoft windows_7_home_premium
- Microsoft windows_7_professional
- Microsoft windows_7_starter
- Microsoft windows_7_ultimate
- Microsoft windows_7_xp_mode
- Microsoft windows_server 2008 R2
- Microsoft windows_server_2008 SP2 Beta
- Microsoft windows_server_2008 - Sp2 Enterprise X64
- Microsoft windows_server_2008_datacenter_edition Release Candidate
- Microsoft windows_server_2008_datacenter_edition SP2
- Microsoft windows_server_2008_datacenter_edition
- Microsoft windows_server_2008_enterprise_edition Release Candidate
- Microsoft windows_server_2008_enterprise_edition SP2
- Microsoft windows_server_2008_enterprise_edition
- Microsoft windows_server_2008_for_32-bit_systems SP2
- Microsoft windows_server_2008_for_32-bit_systems
- Microsoft windows_server_2008_for_itanium-based_systems R2
- Microsoft windows_server_2008_for_itanium-based_systems SP2
- Microsoft windows_server_2008_for_itanium-based_systems
- Microsoft windows_server_2008_for_x64-based_systems R2
- Microsoft windows_server_2008_for_x64-based_systems SP2
- Microsoft windows_server_2008_for_x64-based_systems
- Microsoft windows_server_2008_r2_datacenter
- Microsoft windows_server_2008_r2_itanium SP1
- Microsoft windows_server_2008_r2_itanium
- Microsoft windows_server_2008_r2_x64 SP1
- Microsoft windows_server_2008_r2_x64
- Microsoft windows_server_2008_standard_edition - Gold
- Microsoft windows_server_2008_standard_edition - Gold Datacenter
- Microsoft windows_server_2008_standard_edition - Gold Enterprise
- Microsoft windows_server_2008_standard_edition - Gold Hpc
- Microsoft windows_server_2008_standard_edition - Gold Itanium
- Microsoft windows_server_2008_standard_edition - Gold Standard
- Microsoft windows_server_2008_standard_edition - Gold Storage
- Microsoft windows_server_2008_standard_edition - Gold Web
- Microsoft windows_server_2008_standard_edition Itanium
- Microsoft windows_server_2008_standard_edition Release Candidate
- Microsoft windows_server_2008_standard_edition SP2
- Microsoft windows_server_2008_standard_edition - Sp2 Hpc
- Microsoft windows_server_2008_standard_edition - Sp2 Storage
- Microsoft windows_server_2008_standard_edition - Sp2 Web
- Microsoft windows_server_2008_standard_edition X64
- Microsoft windows_server_2008_standard_edition
References