CCE-35206-2 | Platform: cpe:/o:microsoft:windows_8.1 | Date: (C)2015-10-14 (M)2023-07-04 |
Warning for large Kerberos tickets
This policy setting allows you to monitor tickets issued during Kerberos authentication whose size is close to or greater than a configured threshold value. The ticket size warnings are logged in the System log.
If you enable this policy setting, you can set the threshold limit above which warnings will be reported. If set too high, then warnings related to authentication failures might be missed. If set too low, then you might see too many ticket warnings in the log to be useful for analysis.
If you disable or do not configure this policy setting, the threshold value defaults to 12,000 bytes, which is the default Kerberos MaxTokenSize for Windows 7, Windows Server 2008 R2 and prior versions.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\System\KDC!Warning for large Kerberos tickets
(2) REG: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!EnableTicketSizeThreshold
| CCSS Severity: | CCSS Metrics: |
|---|---|
| CCSS Score: 5.3 | Attack Vector: NETWORK |
| Exploit Score: 3.9 | Attack Complexity: LOW |
| Impact Score: 1.4 | Privileges Required: NONE |
| Severity: MEDIUM | User Interaction: NONE |
| Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | Scope: UNCHANGED |
| | Confidentiality: NONE |
| | Integrity: NONE |
| | Availability: LOW |
References:

| Resource Id | Reference |
|---|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:29744 |