Friend
Professional
- Messages
- 2,669
- Reaction score
- 943
- Points
- 113
Outdated algorithms open the way to a global digital catastrophe.
Researchers from Tel Aviv University have discovered serious vulnerabilities in modern operating systems related to the implementation of the Kerberos protocol. Despite years of security improvements, the old cryptographic algorithms used in Kerberos remain vulnerable to attack, putting corporate networks around the world at risk.
The main threat comes from the use of the legacy PKCS #1 v1.5 scheme in RSA encryption, which is present in the implementation of smart card-based authentication. Researchers have shown that this configuration makes systems vulnerable to Bleichenbacher-type attacks, allowing attackers to obtain cryptographic session tokens, including user and administrator passwords.
In the course of experiments, experts demonstrated how this attack can be used to gain access to cryptographic keys and passwords, speeding up the hacking process through multiple sessions while remaining undetected.
In addition, the study found that smart cards, despite their widespread use in modern operating systems, do not provide a sufficient level of privacy, which also makes them susceptible to attacks. The use of microstructural attacks through third-party channels allowed researchers to gain access to encrypted data transmitted on the network, even when using modern versions of Windows and Linux.
They also found that current versions of operating systems, including Windows 10 and Windows 11, do not contain global limits on the number of sessions that can be initiated, giving hackers the ability to speed up attacks and access sensitive data through dedicated websites, creating multiple sessions at once.
While Microsoft is already working to fix these vulnerabilities, most users remain at risk. It is important that corporate network administrators take steps to improve the security of their systems, such as disabling vulnerable configurations and using more modern cryptographic techniques.
These findings demonstrate how dangerous it can be to use outdated cryptographic solutions in modern systems. It is important to continue researching and improving the security of protocols, especially those that are widely used to protect corporate data.
Source
Researchers from Tel Aviv University have discovered serious vulnerabilities in modern operating systems related to the implementation of the Kerberos protocol. Despite years of security improvements, the old cryptographic algorithms used in Kerberos remain vulnerable to attack, putting corporate networks around the world at risk.
The main threat comes from the use of the legacy PKCS #1 v1.5 scheme in RSA encryption, which is present in the implementation of smart card-based authentication. Researchers have shown that this configuration makes systems vulnerable to Bleichenbacher-type attacks, allowing attackers to obtain cryptographic session tokens, including user and administrator passwords.
In the course of experiments, experts demonstrated how this attack can be used to gain access to cryptographic keys and passwords, speeding up the hacking process through multiple sessions while remaining undetected.
In addition, the study found that smart cards, despite their widespread use in modern operating systems, do not provide a sufficient level of privacy, which also makes them susceptible to attacks. The use of microstructural attacks through third-party channels allowed researchers to gain access to encrypted data transmitted on the network, even when using modern versions of Windows and Linux.
They also found that current versions of operating systems, including Windows 10 and Windows 11, do not contain global limits on the number of sessions that can be initiated, giving hackers the ability to speed up attacks and access sensitive data through dedicated websites, creating multiple sessions at once.
While Microsoft is already working to fix these vulnerabilities, most users remain at risk. It is important that corporate network administrators take steps to improve the security of their systems, such as disabling vulnerable configurations and using more modern cryptographic techniques.
These findings demonstrate how dangerous it can be to use outdated cryptographic solutions in modern systems. It is important to continue researching and improving the security of protocols, especially those that are widely used to protect corporate data.
Source
