kerberos-ms14-068

This was the flow in kerberos protocol, which allow standard domain user credentials to elevate privileges to domain admin. A kerberos ticket contains about a user, account name, …., membership in the privilege attribute certificate (PAC). The PAC is signed by the KDC using secret keys to validate the PAC has not been tempered after creation. This vulnerability allow a forged PAC to be accepted by the KDC as legitimate. This can be leverage to create a fake PAC, presenting a user as a member of the domain admin or other privileged group.

Exploit this vulnerability

windows-kernel-exploits MS14-068/pykek

PreviousExploiting Kerberos Delegation Nextno-password-required

Last updated 1 month ago