Does pre-authentication help against "insider" attacks?
adamhl at stanford.edu
Fri May 26 17:08:37 CEST 2017
I am trying to understand the security benefits of requiring
Consider this scenario: an attacker is trying to learn the password for
a service account, e.g., the principal used by the ssh service on some
server. The attacker already has the credentials for a user's account
(but not, of course, the service account he is attacking). The attacker
requests a service ticket for the account he is attacking. The attacker
then uses brute force (offline) to derive the service account's password.
In the context where the attacker *already* has an account, requiring
pre-authentication does not help mitigate against this sort of attack.In
other words, pre-authentication helps against attacks from "outsiders"
but not from existing users.
Is this correct?
Thanks, Adam Lewenberg
More information about the Heimdal-discuss