Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
checkPassword is insecure #31
res@… originally submitted this as ticket:833
The python-kerberos checkPassword() method is badly insecure. It does a kinit (AS-REQ) to ask a KDC for a TGT for the given user principal, and interprets the success or failure of that as indicating whether the password is correct. It does not, however, verify that it actually spoke to a trusted KDC: an attacker may simply reply instead with an AS-REP which matches the password he just gave you.
Imagine you were verifying a password using LDAP authentication rather than Kerberos: you would, of course, use TLS in conjunction with LDAP to make sure you were talking to a real, trusted LDAP server. The same requirement applies here. kinit is not a password-verification service.
The usual way of doing this is to take the TGT you've obtained with the user's password, and then obtain a ticket for a principal for which the verifier has keys (e.g. a web server processing a username/password form login might get a ticket for its own HTTP/host@REALM principal), which it can then verify. Note that this requires that the verifier have its own Kerberos identity, which is mandated by the symmetric nature of Kerberos (whereas in the LDAP case, the use of public-key cryptography allows anonymous verification).
If this is not implemented, the documentation should at least indicate that there is no protection against KDC spoofing attacks here.
Hrm, I wanna re-open this. I'd suggest we rename
But unless fixing the implementation as suggested doesn't make sense, I think this bug should stay open.
What is the implication of using this method for infrastructure testing & monitoring?
KDC spoofing might result in a false positive that infrastructure is online but would it result in credential compromise given Krb is designed to run over untrusted networks and only hashes timestamps and tickets instead of sending the actual pw/hashes? Is there any way it could lead to TGT theft or similar?