Jump to content

Featured Replies

Posted

Hi,

 

I don't know if it is the right place to ask this question…

 

Anyway, I was reviewing the latest Microsoft PAC structure

(http://msdn.microsoft.com/en-us/library/cc208628.aspx ) and I

noticed that the Security Consideration mentions that “The signature of a

PAC prevents elevation of privilege attacks. The signature MUST be verified

to avoid these attacks.â€

 

I don’t understand how the PAC_SERVER_CHECKSUM signature with the server key

can help to prevent a client to generate its own PAC and then use it to gain

access to a remote service. Indeed, the PAC is generated by the Active

Directory and then encrypted with integrity protection (RC4-HMAC) in the

Ticket with the service key this should be enough to prevent a client to

access and modify the PAC, no?

 

This PAC_SERVER_CHECKSUM signature seems to be useless, since the ticket

content (and with it the PAC) is also encrypted with the same master key, no?

 

In other words, if a service/server does not check the PAC_SERVER_CHECKSUM,

should it be considered as a serious security vulnerability? If yes, how can

such service be attacked?

 

Thanks for the clarification.

 

--

Yanai

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...