Is Kerberos prone to Brute Force attack?

Puneet Mehta, SDG

Hi, I have been to many discussion groups and was recently directed to you for this question. My question is -...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

I know this place is known for experts - so I am counting on you for the right answer.

Kerberos is vulnerable to Password guessing as it cannot detect a dictionary attack. So when we are talking about Kerberos, let me tell you some more weaknesses too:

It Provides Authentication, confidentiality and integrity, but not availability or non-repudiation (as it uses Symmetric Keys).
The KDC is a single Point of failure. If compromised, the integrity of the whole network is compromised.
Secret Keys are stored on User's Workstations. Even the session keys are stored on user?s workstations in cache or key tables.
Hope this is what you were looking for. Let me know if you need any more information.
-Puneet

This was last published in September 2002

Dig Deeper on Network Security Monitoring and Analysis

Related Q&A from Puneet Mehta

How do VPN concentrators and network access servers (NAS) differ?

Find out if there's a difference between a virtual private network (VPN) concentrator and a network access server (NAS) in this explanation from our ... Continue Reading

What keeps unauthorized users from accessing my IP address/Internet?

Our network security expert explains how to keep unauthorized users from accessing your router's IP address for Internet access in this advice ... Continue Reading

Controlling network access by MAC address restriction on wired networks

If you've used MAC address restriction to control your network access on your wireless router, can you extend this to your wired network? Our ... Continue Reading

SearchUnifiedCommunications

Zoom Phone system users share their success stories and setbacks

Tech leaders at Zoomtopia explained how migrating to the Zoom Phone system provides their employees with an integrated ...

RingCentral offers bulk SMS for reaching customers

A high-volume SMS API will let RingCentral users send thousands of messages at a time, a move that should help customers with ...

UC presence evolves amid remote work revolution

UC presence technology must evolve to be effective in today's world of remote work and multi-device communication. Learn how ...

SearchMobileComputing

5G isn't for the iPhone 12 buyer

U.S. carriers are years away from delivering reliable 5G service nationwide, so the supporting technology in the iPhone 12 is not...

Learn 5 Microsoft Intune security features for mobile admins

Intune admins must be familiar with all the most essential security features that the platform offers. Learn about features such ...

Microsoft adding voice commands to Outlook mobile app

Voice commands built into the Outlook mobile app will speed up writing emails, scheduling meetings and calling colleagues, ...

SearchDataCenter

IBM cloud revenues climb as hardware continues to decline

IBM cloud revenues continue to increase as hardware sales drop, sharpening the company's strategy to focus on hybrid cloud.

Figure out the differences of asset management vs. CMDB

There is no shortage of software options for change management tools. Operational goals can help IT teams decide if ITAM or CMDB ...

IBM partners with HBCUs to promote quantum computing

IBM is partnering with a group of historically Black colleges and universities to set up a quantum computing center in hopes of ...

SearchITChannel

Why 'channel' is a confusing term for MSPs and what to use

Instead of using 'channel,' for marketing, Dave Sobel thinks that solutions providers should consider 'ecosystem,' as channel is ...

Accenture, ServiceNow launch business group

The new Accenture ServiceNow Business Group aims to initially deliver industry offerings in financial services, government ...

When an SAP S/4HANA selective data transition makes sense

An SAP S/4HANA selective data transition might be the best approach for a customer's ECC conversion. Learn how this approach ...

Old Microsoft Kerberos vulnerability gets new spotlight

Kerberos platform interoperability connects Windows to the rest of the world

Kerberos authentication in RHEL: Easing Windows-Linux integration

Kerberos configuration as an authentication system for single sign-on

Please create a username to comment.