Posted October 12, 200816 yr Hi, I don't know if it is the right place to ask this question… Anyway, I was reviewing the latest Microsoft PAC structure (http://msdn.microsoft.com/en-us/library/cc208628.aspx ) and I noticed that the Security Consideration mentions that “The signature of a PAC prevents elevation of privilege attacks. The signature MUST be verified to avoid these attacks.†I don’t understand how the PAC_SERVER_CHECKSUM signature with the server key can help to prevent a client to generate its own PAC and then use it to gain access to a remote service. Indeed, the PAC is generated by the Active Directory and then encrypted with integrity protection (RC4-HMAC) in the Ticket with the service key this should be enough to prevent a client to access and modify the PAC, no? This PAC_SERVER_CHECKSUM signature seems to be useless, since the ticket content (and with it the PAC) is also encrypted with the same master key, no? In other words, if a service/server does not check the PAC_SERVER_CHECKSUM, should it be considered as a serious security vulnerability? If yes, how can such service be attacked? Thanks for the clarification. -- Yanai
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.