Kerberos Auth and AD kerberos patch CVE-2020-17049

Article ID: 215829

Products

SITEMINDER

Issue/Introduction

 

With Active Directory running as the KDC, the question is whether
SiteMinder will face any issue processing the Kerberos Authentication
Scheme after the Active Directory KDC is patched for CVE-2020-17049 (1)
and the following Windows registry key is set on the Active Directory
server:

  HKLM\System\CurrentControlSet\Services\Kdc\PerformTicketSignature

  PerformTicketSignature set to 1

 

Resolution

 

Because the Agents and the Policy Server make GSSAPI library calls
through the MIT libraries, we don't see any problem with these patches.

 

Additional Information

 

(1)

    Kerberos KDC Security Feature Bypass Vulnerability

      CVE-2020-17049

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049#:~:text=A%20security%20feature%20bypass%20vulnerability,Kerberos%20Constrained%20Delegation%20(KCD).