CCE-36710-2Platform: cpe:/o:microsoft:windows_server_2012::r2 | Date: (C)2015-10-08 (M)2023-07-04 |
Kerberos Key Distribution Center
The Kerberos Key Distribution Center service enables users to log on to the network and be authenticated by the Kerberos version 5 (v5) authentication protocol.
As in other implementations of the Kerberos protocol, the Kerberos Key Distribution Center (KDC) is a single process that provides two services:
Authentication Service. This service issues ticket-granting tickets (TGTs) for connection to the ticket-granting service in its own domain or in any trusted domain. Before a client computer can request a ticket to another computer, it must request a TGT from the authentication service in its account domain. The authentication service returns a TGT for the ticket-granting service in the target computer's domain. The TGT can be reused until it expires, but first access to any domain's ticket-granting service always requires the client computer to contact the authentication service in its account domain.
Ticket-granting service. This service issues tickets for connection to computers in its own domain. When a client computer wants to access another computer, it must request a TGT and ask for a ticket to the computer. The ticket can be reused until it expires, but first access to any computer always requires contact with the ticket-granting service in the target computer's account domain.
If the Kerberos Key Distribution Center service stops, users will be unable to log on to the network and access resources.
Parameter:
[manual/disable/automatic]
Technical Mechanism:
(1) GPO: Computer ConfigurationWindows SettingsSecurity SettingsSystem Services!Kerberos Key Distribution Center
(2) REG: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetserviceskdc!Start
CCSS Severity: | CCSS Metrics: |
CCSS Score : 8.1 | Attack Vector: NETWORK |
Exploit Score: 2.2 | Attack Complexity: HIGH |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:22734 |