Bleeping Computer

Windows Kerberos authentication breaks due to security updates

Microsoft is investigating a new known issue causing enterprise domain controllers to experience Kerberos authentication problems after installing security updates released to address CVE-2020-17049 ...
Bleeping Computer

Microsoft releases patching guidance for Kerberos security bug

Microsoft has released additional details on how to fully mitigate a security feature bypass vulnerability in Kerberos KDC (Key Distribution Center) patched during this month's Patch Tuesday. The ...
Threat Post

Kerberos Authentication Spoofing: Don’t Bypass the Spec

Yaron Kassner, CTO at Silverfort, discusses authentication-bypass bugs in Cisco ASA, F5 Big-IP, IBM QRadar and Palo Alto Networks PAN-OS. Authentication is the front gate to security systems, so if ...
TechRadar

Microsoft fixes Kerberos-related authentication issues in Windows Server

Microsoft has issued out-of-band (OOB) updates to address authentication failures on domain controllers that run all currently supported editions of Windows Server. According to the security advisory, ...
Ars Technica

Internet Explorer always using Kerberos authentication... even when unsupported.

Server: Fully-patched 2008 R2, running Certificate Services. The /certsrv virtual directory is using (I believe) default settings. Specifically, this means it's using Windows Authentication, with NTLM ...
Ars Technica

fun with kerberos. tickets and cache files

i am working off a fedora installation, so relevant info (from madred hatters, maybe) would be appreciated. i am trying to get rid of passwords in config files for several services (nslcd, httpd, ...
CSOonline

Fear the golden ticket attack!

Be afraid of the golden ticket attack -- if malicious hackers can create the tickets, they can wreak whatever havoc they please The Windows security world is abuzz about Kerberos “golden ticket” ...