Does pre-authentication help against "insider" attacks?

Adam Lewenberg adamhl at stanford.edu
Fri May 26 17:08:37 CEST 2017


I am trying to understand the security benefits of requiring 
pre-authentication.

Consider this scenario: an attacker is trying to learn the password for 
a service account, e.g., the principal used by the ssh service on some 
server. The attacker already has the credentials for a user's account 
(but not, of course, the service account he is attacking). The attacker 
requests a service ticket for the account he is attacking. The attacker 
then uses brute force (offline) to derive the service account's password.

In the context where the attacker *already* has an account, requiring 
pre-authentication does not help mitigate against this sort of attack.In 
other words, pre-authentication helps against attacks from "outsiders" 
but not from existing users.

Is this correct?

Thanks, Adam Lewenberg




More information about the Heimdal-discuss mailing list