Is Kerberos prone to Brute Force attack?

Puneet Mehta, SDG

Hi, I have been to many discussion groups and was recently directed to you for this question. My question is -...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

I know this place is known for experts - so I am counting on you for the right answer.

Kerberos is vulnerable to Password guessing as it cannot detect a dictionary attack. So when we are talking about Kerberos, let me tell you some more weaknesses too:

It Provides Authentication, confidentiality and integrity, but not availability or non-repudiation (as it uses Symmetric Keys).
The KDC is a single Point of failure. If compromised, the integrity of the whole network is compromised.
Secret Keys are stored on User's Workstations. Even the session keys are stored on user?s workstations in cache or key tables.
Hope this is what you were looking for. Let me know if you need any more information.
-Puneet

This was last published in September 2002

Dig Deeper on Network Security Monitoring and Analysis

Related Q&A from Puneet Mehta

How do VPN concentrators and network access servers (NAS) differ?

Find out if there's a difference between a virtual private network (VPN) concentrator and a network access server (NAS) in this explanation from our ... Continue Reading

What keeps unauthorized users from accessing my IP address/Internet?

Our network security expert explains how to keep unauthorized users from accessing your router's IP address for Internet access in this advice ... Continue Reading

Controlling network access by MAC address restriction on wired networks

If you've used MAC address restriction to control your network access on your wireless router, can you extend this to your wired network? Our ... Continue Reading

Old Microsoft Kerberos vulnerability gets new spotlight

Kerberos platform interoperability connects Windows to the rest of the world

Kerberos authentication in RHEL: Easing Windows-Linux integration

Kerberos configuration as an authentication system for single sign-on

Microsoft update of Teams Rooms for Android falls short

5 steps to managing team collaboration apps

How to improve virtual collaboration in the enterprise

AR use cases gain ground due to COVID-19, maturing tech

Samsung introduces its cheapest A Series 5G phone yet

LG to stop selling mobile phones

New Intel Ice Lake processors boost performance, security

IBM tools speed mainframe application modernization projects

Nvidia vs. AMD: Compare GPU offerings

How threat modeling technology fits into modern security

SAP skills, cloud development expertise in demand

Logically buys MSSP company, sets sights on $100M