Sometime around 1986 or 1987, Stan Zanarotti (srz@mit.edu) developed an attack on KSU, a program that used KerberosAuthentication to control access to the root account on a unix host. The application misused Kerberos in the following way. It requested an initial ticket for the user, and then prompted for a password with which to decrypt the ticket. If an attacker could both run the KSU program and generate packets on the net, it could synthesize an initial ticket that decrypted successfully with a known key.
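The flaw described above, modelled as an added example (not code from KSU or from Kerberos): a login check that only tests whether the reply decrypts with the typed password, beside one that also requires a ticket sealed under a key the host already holds. That second check is the standard remedy for this class of bug, not something this page states. The HMAC-based `seal`/`unseal`, the key derivation, the single-message reply and all names and values are constructed stand-ins for the real protocol.

```python
import hashlib, hmac, os

def string_to_key(password):
    # Toy stand-in for Kerberos string-to-key (assumption, not the real algorithm).
    return hashlib.sha256(password.encode()).digest()

def seal(key, payload):
    # Toy "encryption": payload plus an HMAC tag, so only a key holder can produce it.
    return payload + hmac.new(key, payload, hashlib.sha256).digest()

def unseal(key, blob):
    payload, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None

def make_reply(user_key, host_key):
    # Simplified reply: session key sealed for the user, and again for the host.
    session = os.urandom(16)
    return {"enc_part": seal(user_key, session), "host_ticket": seal(host_key, session)}

def flawed_check(reply, typed_password):
    # The misuse: "the reply decrypts with the typed password" is taken as proof.
    return unseal(string_to_key(typed_password), reply["enc_part"]) is not None

def hardened_check(reply, typed_password, host_key):
    # Additionally require a ticket only the real KDC could have sealed for this host.
    session = unseal(string_to_key(typed_password), reply["enc_part"])
    from_ticket = unseal(host_key, reply["host_ticket"])
    return (session is not None and from_ticket is not None
            and hmac.compare_digest(session, from_ticket))

# Constructed sample values.
HOST_KEY = os.urandom(32)  # shared by the host and the real KDC only
GENUINE = make_reply(string_to_key("real-root-password"), HOST_KEY)
# A reply from a party that picked its own password and cannot know HOST_KEY.
SPOOFED = make_reply(string_to_key("known-password"), os.urandom(32))

if __name__ == "__main__":
    print(flawed_check(SPOOFED, "known-password"))              # accepted
    print(hardened_check(SPOOFED, "known-password", HOST_KEY))  # rejected
    print(hardened_check(GENUINE, "real-root-password", HOST_KEY))
```

In real Kerberos the second check is a separate service-ticket request verified against the host's stored key, not a field in the initial reply.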