A newly disclosed attack technique, published together with proof-of-concept exploit code, bypasses security protections in Kerberos, the network authentication protocol used by Windows Active Directory. The technique, dubbed the Bronze Bit attack, exploits the vulnerability tracked as CVE-2020-17049 and is a new variation of the Golden and Silver ticket attacks.
The attack does not break into a network on its own: it requires an attacker who has already compromised a service account, i.e. obtained its password hash or Kerberos key, on a network that uses Kerberos. With that key, the attacker can forge tickets that impersonate other users, including users who are supposed to be protected from delegation, to other services on the same network.
- Kerberos has shipped with every Windows version released since Windows 2000 and is the default authentication protocol in Active Directory domains.
- The attack uses the S4U2self extension of Kerberos delegation to obtain a service ticket for the targeted user to the compromised service.
- Once that service ticket is obtained, the attacker manipulates it so that its "Forwardable" flag is set to 1.
- The KDC cannot detect the tampered ticket because the ticket is encrypted and integrity-protected only with the compromised service's own key, which the attacker already holds; nothing prevents the attacker from decrypting the ticket, flipping the Forwardable flag and re-encrypting it. The tampered ticket is then presented in an S4U2proxy request, which the KDC accepts.
The Bronze Bit technique thereby enables impersonation, privilege escalation and lateral movement, and it bypasses two existing protections for Kerberos delegation: membership in the Protected Users group (or the "account is sensitive and cannot be delegated" setting) and constrained delegation configured without protocol transition.
- Because the attack relies on flipping only a single bit, it is named Bronze Bit rather than Bronze Ticket.
- The exploit has been developed as an extension of the Impacket framework (the -force-forwardable option of getST.py).
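The sequence above (S4U2self ticket, forced Forwardable bit, S4U2proxy request) as a runnable model, added here as an illustration; it is not code from the original article, from NetSPI's research or from Impacket. The "etype" is a toy HMAC-SHA256 keystream with an encrypt-then-MAC tag under the service key, standing in for a real Kerberos encryption type; the ticket body is a JSON dict rather than ASN.1; the service names are made up; and the patched KDC is modelled as adding a checksum over the ticket keyed with the KDC's own krbtgt key, which is what the CVE-2020-17049 fix introduces in simplified form.

```python
import hashlib
import hmac
import json
import os

# Kerberos TicketFlags (RFC 4120 section 5.2.8) is a 32-bit BIT STRING whose
# bit 0 is the most significant bit; bit 1 is "forwardable".
FORWARDABLE = 1 << (31 - 1)  # 0x40000000


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stand-in for a Kerberos etype: HMAC-SHA256 counter keystream XOR data."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, fields: dict) -> bytes:
    """Encrypt-then-MAC under ONE key, as Kerberos does with the service's key."""
    nonce = os.urandom(16)
    body = _keystream_xor(key, nonce, json.dumps(fields, sort_keys=True).encode())
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("ticket integrity check failed")
    return json.loads(_keystream_xor(key, nonce, body))


class KDC:
    """Simplified KDC. sign_tickets=True models the CVE-2020-17049 fix: a checksum
    over the ticket keyed with the KDC's own krbtgt key, which the attacker lacks."""

    def __init__(self, sign_tickets: bool):
        self.krbtgt_key = os.urandom(32)
        self.sign_tickets = sign_tickets

    def _ticket_sig(self, fields: dict) -> str:
        canonical = json.dumps(fields, sort_keys=True).encode()
        return hmac.new(self.krbtgt_key, canonical, hashlib.sha256).hexdigest()

    def s4u2self(self, service: str, service_key: bytes, user: str) -> bytes:
        # The service is not trusted for protocol transition (or the user is
        # protected), so the KDC hands back a ticket that is NOT forwardable.
        fields = {"cname": user, "sname": service, "flags": 0}
        if self.sign_tickets:
            fields["ticket_sig"] = self._ticket_sig(fields)
        return seal(service_key, fields)

    def s4u2proxy(self, service_key: bytes, evidence: bytes, target: str) -> dict:
        t = unseal(service_key, evidence)
        if self.sign_tickets:
            sig = t.pop("ticket_sig", None)
            if sig is None or not hmac.compare_digest(sig, self._ticket_sig(t)):
                raise PermissionError("KDC_ERR: ticket checksum mismatch")
        if not t["flags"] & FORWARDABLE:
            raise PermissionError("KDC_ERR_BADOPTION: evidence ticket is not forwardable")
        return {"cname": t["cname"], "sname": target}


def force_forwardable(service_key: bytes, ticket: bytes) -> bytes:
    """The Bronze Bit step: the attacker holds the compromised service's key, so it
    can decrypt the S4U2self ticket, set the forwardable bit and re-encrypt it."""
    t = unseal(service_key, ticket)
    t["flags"] |= FORWARDABLE
    return seal(service_key, t)


def bronze_bit(patched: bool, tamper: bool = True) -> bool:
    """Return True if the KDC accepts the S4U2proxy request, i.e. the attack works."""
    kdc = KDC(sign_tickets=patched)
    service_key = os.urandom(32)  # compromised service account key, known to the attacker
    ticket = kdc.s4u2self("http/web01.corp.local", service_key, "Administrator")
    if tamper:
        ticket = force_forwardable(service_key, ticket)
    try:
        kdc.s4u2proxy(service_key, ticket, "cifs/dc01.corp.local")
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    print("unpatched KDC, untampered ticket :", bronze_bit(patched=False, tamper=False))  # False
    print("unpatched KDC, forwardable forced:", bronze_bit(patched=False))                # True
    print("patched KDC,   forwardable forced:", bronze_bit(patched=True))                 # False
```

The point the model makes is the one in the bullets above: the integrity tag on the evidence ticket is keyed with the same service key the attacker already holds, so an untampered ticket is refused in S4U2proxy while a re-sealed one with the bit flipped is accepted. Only a check keyed with a secret the service account does not have (here the krbtgt-keyed checksum of the patched KDC) can tell the two apart.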
The public availability of proof-of-concept exploit code raises the risk for every network that relies on Kerberos. Our internal experts therefore recommend applying the updates Microsoft released on 8 December 2020, which address the known issues related to CVE-2020-17049, and keeping operating systems and other critical applications up to date.
To read more, see the eScan Blog.