Best practices can defeat 'devastating' Kerberos flaw

admin

It’s hard enough keeping up with the latest vulnerability reports and new research, but security becomes an even bigger challenge when there’s confusion surrounding a flaw’s severity.

That’s what happened recently when a security researcher described how an attacker could use pass-the-hash or Golden Ticket techniques with “devastating consequences” on Windows systems.

The issue relates to how Microsoft implemented Kerberos, an authentication system that uses secret-key cryptography to provide strong authentication for client/server applications. Instead of sending passwords across the network, Kerberos generates a secret key that’s stored in memory. A flaw in Kerberos sounds serious and is not something to dismiss lightly, but on further inspection, the underlying issue seems to be more about organizations disabling security controls and ignoring best practices.

Source: Latest Web Security News
