Is Kerberos prone to Brute Force attack?

Puneet Mehta, SDG

Hi, I have been to many discussion groups and was recently directed to you for this question. My question is -...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

I know this place is known for experts - so I am counting on you for the right answer.

Kerberos is vulnerable to Password guessing as it cannot detect a dictionary attack. So when we are talking about Kerberos, let me tell you some more weaknesses too:

It Provides Authentication, confidentiality and integrity, but not availability or non-repudiation (as it uses Symmetric Keys).
The KDC is a single Point of failure. If compromised, the integrity of the whole network is compromised.
Secret Keys are stored on User's Workstations. Even the session keys are stored on user?s workstations in cache or key tables.
Hope this is what you were looking for. Let me know if you need any more information.
-Puneet

This was last published in September 2002

Dig Deeper on Network Security Monitoring and Analysis

Related Q&A from Puneet Mehta

How do VPN concentrators and network access servers (NAS) differ?

Find out if there's a difference between a virtual private network (VPN) concentrator and a network access server (NAS) in this explanation from our ... Continue Reading

What keeps unauthorized users from accessing my IP address/Internet?

Our network security expert explains how to keep unauthorized users from accessing your router's IP address for Internet access in this advice ... Continue Reading

Controlling network access by MAC address restriction on wired networks

If you've used MAC address restriction to control your network access on your wireless router, can you extend this to your wired network? Our ... Continue Reading

Old Microsoft Kerberos vulnerability gets new spotlight

Kerberos platform interoperability connects Windows to the rest of the world

Kerberos authentication in RHEL: Easing Windows-Linux integration

Kerberos configuration as an authentication system for single sign-on

AR and VR in video conferencing offer post-pandemic benefits

Big Tech's uneasy balance of capitalism, censorship

Microsoft slow to fulfill request for more Teams channel control

Samsung lowers the price of Galaxy phones with S21 line

Qualcomm to buy Nuvia for $1.4 billion

High phone prices driving consumers to the used phone market

Get a template to estimate server power consumption per rack

When the chips are down, Intel turns to VMware's Pat Gelsinger

Intel CEO Bob Swan to be replaced by VMware's Pat Gelsinger

Why 2020 may have changed the MSP industry forever

Huntress security platform gets boost from Level Effect EDR

Cloud distributor Pax8 pursues UK growth, tech innovation