Bug #6713: Weak ciphers event in Kerberos protocol - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #6713

open

Weak ciphers event in Kerberos protocol

Added by Cyrille Franchet over 1 year ago. Updated 14 days ago.

Status:

New

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Affected Versions:

7.0.2

Effort:

Difficulty:

low

Label:

Protocol, Rust

Description

The weak cipher event is located on the encrypted data for TGS_REP. This is incorrect I think. We should check the ticket encryption type and not the encrypted data.
The current implementation detects ASREPRoasting but not Kerberoasting.

History
Notes

Actions

Copy link

Updated by Philippe Antoine 14 days ago

Did you see SV test krb5-kerberoasting ? Is it not good ?

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #6713

Weak ciphers event in Kerberos protocol

Updated by Philippe Antoine 14 days ago