Nov 2020: Kerberos KDC Security Feature Bypass Vulnerability
CVE-2020-17049 Published on November 11, 2020
Kerberos KDC Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD).
To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation to force the KDC to accept it.
The update addresses this vulnerability by changing how the KDC validates service tickets used with KCD.
Products Associated with CVE-2020-17049
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-17049 are published in these products:
Affected Versions
Microsoft Windows Server 2019:- Version 10.0.0 and below 10.0.17763.2061 is affected.
- Version 10.0.0 and below 10.0.17763.2061 is affected.
- Version 10.0.0 and below publication is affected.
- Version 10.0.0 and below publication is affected.
- Version 10.0.0 and below 10.0.19041.1110 is affected.
- Version 10.0.0 and below 10.0.14393.4530 is affected.
- Version 10.0.0 and below 10.0.14393.4530 is affected.
- Version 6.0.0 and below 6.0.6003.21167 is affected.
- Version 6.0.0 and below 6.0.6003.21167 is affected.
- Version 6.0.0 and below 6.0.6003.21167 is affected.
- Version 6.1.0 and below 6.1.7601.25661 is affected.
- Version 6.0.0 and below 6.1.7601.25661 is affected.
- Version 6.2.0 and below 6.2.9200.23409 is affected.
- Version 6.2.0 and below 6.2.9200.23409 is affected.
- Version 6.3.0 and below 6.3.9600.20069 is affected.
- Version 6.3.0 and below 6.3.9600.20069 is affected.
- Version 10.0.0 and below 10.0.19041.1110 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.