CVE-2023-28244, Kerberos MITM, and Root Causes

Network machine-in-the-middle (MITM) attacks are fun. This post will briefly discuss how I wrote a MITM exploit for a public Windows Kerberos vulnerability, and found another vulnerability in the process. BackgroundIn October of 2022, I was attempting to reproduce James Forshaw’s research on downgrading Windows Kerberos encryption to the “RC4-MD4” cipher. This is an odd legacy cipher in cryptdll.dll (one of several) that is not part of the documented IETF or Microsoft Kerberos specifications, but could nonetheless be negotiated between Windows client and KDC.