Reply to post: Well, Ain't that dandy!

Windows' authentication 'flaw' exposed in detail

Captain DaFt

Well, Ain't that dandy!

Article title:

"'Devastating' flaw found in Windows' authentication system"

The flaw:

"The krbtgt user is created when the system is first installed and is inactive, so it can remain untouched on a system for years – providing ready access to a hacker."

Opening of final paragraph:

"Dfirblog notes: "Mitigation of most of these attacks is not possible, as this is simply how Kerberos works in the Windows environment"

Ouch! So it works on Windows by automatically installing a backdoor? Who insisted on that feature, I wonder?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019