Bug #6713: Weak ciphers event in Kerberos protocol - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #6713

open

CF OD

Weak ciphers event in Kerberos protocol

Bug #6713: Weak ciphers event in Kerberos protocol

Added by Cyrille Franchet over 2 years ago. Updated 10 months ago.

Status:

Feedback

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Affected Versions:

7.0.2

Effort:

Difficulty:

low

Label:

Protocol, Rust

Description

The weak cipher event is located on the encrypted data for TGS_REP. This is incorrect I think. We should check the ticket encryption type and not the encrypted data.
The current implementation detects ASREPRoasting but not Kerberoasting.

History
Notes
Property changes

PA Updated by Philippe Antoine 11 months ago Actions
Copy link
#1

Did you see SV test krb5-kerberoasting ? Is it not good ?

PA Updated by Philippe Antoine 10 months ago Actions
Copy link
#2

Status changed from New to Feedback

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Bug #6713

Weak ciphers event in Kerberos protocol

PA Updated by Philippe Antoine 11 months ago Actions
Copy link
#1

PA Updated by Philippe Antoine 10 months ago Actions
Copy link
#2

Project

General

Profile

Suricata

Custom queries

Bug #6713

Weak ciphers event in Kerberos protocol

PA Updated by Philippe Antoine 11 months ago ActionsCopy link #1

PA Updated by Philippe Antoine 10 months ago ActionsCopy link #2

PA Updated by Philippe Antoine 11 months ago Actions
Copy link
#1

PA Updated by Philippe Antoine 10 months ago Actions
Copy link
#2