Software Engineering Institute

When a user requests an encrypted Kerberos Telnet connection, and encryption cannot be negotiated, the KTH Kerberos IV and Kerberos V (Heimdal) Telnet client implementations proceed to establish the connection using no encryption, transmitting data in clear text. Simon Josefsson has published a paper describing several active man-in-the-middle attacks against the Kerberos Telnet protocol. An underlying vulnerability in the protocol [VU#774587] lets an active man-in-the-middle attacker modify encryption options sent from the server to the client, making it appear that the server does not support encryption. In addition, the attacker can intercept warnings from the server that encryption is not enabled. When a user requests encryption and the server does not appear to support it, the KTH Kerberos Telnet client implementations continue negotiation and establish a connection with no encryption. One defense against this type of attack is for the Kerberos Telnet client to strictly enforce the user's request to encrypt the data stream and terminate the connection if encryption cannot be established.

An attacker with the ability to modify Kerberos Telnet negotiation commands sent from server to client may be able to cause the connection to negotiate less secure authentication and encryption options, including no encryption. The attacker may then be able to read data that the user presumes to be securely encrypted.

Enforce Client Encryption Preference

One defense against the attacks described in Josefsson's paper is to strictly enforce the client's preferences and abort the connection if authentication or encryption cannot be negotiated. The following is an excerpt from a man page entry for a BSD-derived telnet command option to enable data encryption:

    -x  Turn on encryption of the data stream.  When this option is turned on,  tel-
        net  will  exit  with  an error if authentication cannot be negotiated or if
        encryption cannot be turned on.

Josefsson references a patch for the KTH Kerberos V (Heimdal) implementation that enforces the client's encryption preference.

Confirm Data Encryption

Confirm that Telnet data is encrypted using a network sniffer.