Kerberos Vulnerability: Replay Attacks


Question

Kerberos is vulnerable to replay in which of the following circumstances?

Answers

Explanations


A. B. C. D.

C.

Replay can be accomplished on Kerberos if the compromised tickets are used within an allotted time window.

The security depends on careful implementation: enforcing limited lifetimes for authentication credentials minimizes the threat of replayed credentials, the KDC must be physically secured, and it should be hardened, not permitting any non-Kerberos activities.

& VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 42.

Kerberos is a network authentication protocol that allows individuals communicating over a non-secure network to prove their identity to one another in a secure manner. It works by using a trusted third party, known as the Key Distribution Center (KDC), to verify the identities of both parties and exchange cryptographic keys.

One of the vulnerabilities that Kerberos is susceptible to is a replay attack, which occurs when an attacker intercepts a valid message and then retransmits it at a later time. This can lead to the attacker being able to impersonate the legitimate user and gain unauthorized access to resources.

The correct answer to the question is C: when a ticket is compromised within an allotted time window. A ticket is a cryptographic message that contains authentication information and is issued by the KDC to a user. The ticket contains a timestamp that is used to limit the time that the ticket is valid. If an attacker is able to intercept a valid ticket and retransmit it before the ticket has expired, then they can use the ticket to gain access to resources.

Option A, when a private key is compromised within an allotted time window, is not a vulnerability that Kerberos is susceptible to. Kerberos uses symmetric encryption, which means that both the client and server share the same key. If an attacker were to compromise the client's private key, they would not be able to use it to decrypt the encrypted messages exchanged between the client and server.

Option B, when a public key is compromised within an allotted time window, is also not a vulnerability that Kerberos is susceptible to. Kerberos does not use public key cryptography, so compromising the public key would not allow an attacker to gain unauthorized access.

Option D, when the KSD is compromised within an allotted time window, is not a vulnerability that Kerberos is susceptible to. The KSD is responsible for managing the authentication process and issuing tickets, but it does not store any sensitive information that an attacker could use to gain unauthorized access.
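
The time-window behaviour described in the explanation of option C above, as an added example that is not part of the original page: a simplified Python model (not the Kerberos wire format) in which an HMAC-sealed blob stands in for the ticket and a service checks its validity window. The names `issue_ticket`, `Service` and `demo`, the key and the timestamps are constructed for illustration, and the optional replay cache goes beyond what the text covers to show how a service can reject a second presentation inside the window.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the long-term key the KDC shares with the service.
SERVICE_KEY = b"constructed-demo-service-key"


def issue_ticket(client, issued_at, lifetime_s, key=SERVICE_KEY):
    """KDC side (simplified): seal client name and validity window with a MAC."""
    body = json.dumps({"client": client, "start": issued_at,
                       "end": issued_at + lifetime_s}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body, tag


class Service:
    """Service side: accepts a ticket only inside its validity window."""

    def __init__(self, key=SERVICE_KEY, use_replay_cache=False):
        self.key = key
        self.use_replay_cache = use_replay_cache
        self.seen = {}  # tag -> expiry time; entries only matter until expiry

    def accept(self, ticket, now):
        body, tag = ticket
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad integrity check"
        fields = json.loads(body)
        if not fields["start"] <= now <= fields["end"]:
            return "rejected: outside validity window"
        if self.use_replay_cache:
            # Drop cache entries whose tickets have expired anyway.
            self.seen = {t: e for t, e in self.seen.items() if e >= now}
            if tag in self.seen:
                return "rejected: already presented"
            self.seen[tag] = fields["end"]
        return "accepted for " + fields["client"]


def demo():
    """Return the outcome of each presentation of one ticket (lifetime 300 s)."""
    ticket = issue_ticket("alice", issued_at=1000, lifetime_s=300)
    plain, cached = Service(), Service(use_replay_cache=True)
    return [plain.accept(ticket, 1010),   # legitimate first use
            plain.accept(ticket, 1200),   # replay inside the window
            plain.accept(ticket, 1400),   # replay after expiry
            cached.accept(ticket, 1010),  # first use, cache enabled
            cached.accept(ticket, 1200)]  # replay inside the window, cache enabled
```

With the timestamp check alone, the second presentation at `now=1200` is indistinguishable from the first, which is why shorter lifetimes narrow the exposure and a replay cache closes it for the remainder of the window.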