In fact, AES encryption wasn’t available as an option on Windows until Windows Vista and Windows Server 2008. RC4 Kerberos encryption is still supported even now, 15 years later. Once the NTLM password hash is discovered, it can be used in a variety of ways, including re-compromising the Active Directory domain (think Golden Tickets & Silver Tickets). The easy way to do this was to use the NTLM password hash as the Kerberos RC4 encryption private key used to encrypt/sign Kerberos tickets. This support meant that Microsoft needed to support several different clients and enable them to speak Kerberos. When Microsoft released Windows 2000 and Active Directory along with it, they needed to support Windows NT and Windows 95 which meant a wide variety of security (and less secure configurations).
There are several Kerberos attacks that take advantage of Microsoft’s legacy support in Active Directory. This legacy support is enabled when using Kerberos RC4 encryption (RC4_HMAC_MD5) since the NTLM password hash is used extensively with this encryption type. The issues are primarily related to the legacy support in Kerberos when Active Directory was released in the year 2000 with Windows Server 2000.
Microsoft’s Kerberos implementation in Active Directory has been targeted over the past couple of years by security researchers and attackers alike.
0 kommentar(er)
