A low-privileged user can obtain a hash of the passwords of all domain users and perform offline brute force (kerberoasting). It was found that all users who have TGT Kerberos tickets can request TGS for another user's principal. And since the “krbPrincipalKey” value for users is created based on their password, kerberoasting attacks on TGS tickets are possible. A potential attacker can brute force the password by requesting TGS for other users.
Created freeipa tracking bugs for this issue: Affects: fedora-all [bug 2291164]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Via RHSA-2024:3758 https://access.redhat.com/errata/RHSA-2024:3758
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2024:3756 https://access.redhat.com/errata/RHSA-2024:3756
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:3754 https://access.redhat.com/errata/RHSA-2024:3754
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:3755 https://access.redhat.com/errata/RHSA-2024:3755
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:3759 https://access.redhat.com/errata/RHSA-2024:3759
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2024:3761 https://access.redhat.com/errata/RHSA-2024:3761
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:3757 https://access.redhat.com/errata/RHSA-2024:3757
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2024:3775 https://access.redhat.com/errata/RHSA-2024:3775
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2024:3760 https://access.redhat.com/errata/RHSA-2024:3760