Windows Kerberos Security Feature Bypass Vulnerability - CVE-2024-20674ID: oval:org.secpod.oval:def:96668 | Date: (C)2024-01-10 (M)2024-04-17 |
Class: VULNERABILITY | Family: windows |
Windows Kerberos Security Feature Bypass Vulnerability. The authentication feature could be bypassed as this vulnerability allows impersonation. An authenticated attacker could exploit this vulnerability by establishing a machine-in-the-middle (MITM) attack or other local network spoofing technique, then sending a malicious Kerberos message to the client victim machine to spoof itself as the Kerberos authentication server. Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack. An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.
Platform: |
Microsoft Windows 10 |
Microsoft Windows 11 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 2022 |
Microsoft Windows Server |