Attacks: Replay Attack

This lesson discusses the replay attack specific to the Kerberos protocol.

Another attack Kerberos is prone to is known as the replay attack. An attacker monitors the network and makes a copy of the messages exchanged between the KDC and the client. The copied message can then be replayed back to the KDC by the attacker at a later time. For instance, say Laila, after receiving the TGT from the Authentication Server, requests a service ticket to talk to a file server from which she intends to download a file. The attacker quietly makes a copy of the service ticket the TGS sends to Laila for communicating with the file server. The attacker can't crack open the service ticket, since he has neither Laila's nor the file server's long-term key. However, he can send this service ticket to the file server a few hours later and make the file server believe it is Laila, not the attacker, on the other end. If at this point the file server ignores the short-term session key enclosed in the service ticket and chooses to continue communication without encryption, the attacker will be able to masquerade as Laila.

Figure 1: Client sending a request for a service ticket to the KDC.
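The scenario above can be made concrete with a small simulation. The following is an added example, not code from the lesson: it models a TGS issuing a service ticket, a file server that trusts the ticket alone (the weakness the lesson describes), and a hardened file server that demands an authenticator sealed under the session key, bounds its age by a clock-skew window, and keeps a replay cache, which is how Kerberos itself defends against replays. All keys, names, the `seal`/`unseal` helpers (an HMAC stand-in for Kerberos encryption) and the 5-minute skew value are constructed assumptions for the simulation.

```python
import hashlib
import hmac
import json
import secrets

# Constructed keys and parameters for the simulation (real Kerberos derives
# long-term keys from passwords or keytabs; 5 minutes is a common skew default).
FILE_SERVER_KEY = b"constructed-file-server-long-term-key"
CLOCK_SKEW = 300            # seconds an authenticator timestamp may differ from now
TICKET_LIFETIME = 8 * 3600  # seconds a service ticket stays valid


def seal(key: bytes, payload: dict) -> dict:
    """Toy stand-in for Kerberos encryption under `key`: the payload travels with
    an HMAC tag, so only a key holder can produce or alter it. That is enough to
    model 'the attacker cannot forge a ticket'; real tickets are also encrypted."""
    body = json.dumps(payload, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def unseal(key: bytes, sealed: dict) -> dict:
    """Verify the tag and return the payload; raise on tampering or a wrong key."""
    expected = hmac.new(key, sealed["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sealed["tag"]):
        raise ValueError("tag does not verify")
    return json.loads(sealed["body"])


def tgs_issue_service_ticket(client: str, now: int) -> tuple[dict, bytes]:
    """TGS builds a service ticket for the file server and gives the client the session key."""
    session_key = secrets.token_bytes(16)
    ticket = seal(FILE_SERVER_KEY, {
        "client": client,
        "session_key": session_key.hex(),
        "expires": now + TICKET_LIFETIME,
    })
    return ticket, session_key


def client_build_authenticator(client: str, session_key: bytes, now: int) -> dict:
    """AP-REQ authenticator: a fresh timestamp sealed under the short-term session key."""
    return seal(session_key, {"client": client, "timestamp": now})


def weak_server_accept(ticket: dict, now: int) -> str:
    """The behaviour the lesson warns about: trust the ticket alone and ignore the
    session key, so the sender never proves it holds that key."""
    t = unseal(FILE_SERVER_KEY, ticket)
    if now > t["expires"]:
        raise ValueError("ticket expired")
    return t["client"]  # a copied ticket replayed hours later still lands here


class HardenedFileServer:
    """Requires an authenticator under the session key, bounds its age, and keeps a
    replay cache so the same authenticator is never honoured twice."""

    def __init__(self) -> None:
        self.replay_cache: set[tuple[str, int]] = set()

    def accept(self, ticket: dict, authenticator: dict, now: int) -> str:
        t = unseal(FILE_SERVER_KEY, ticket)
        if now > t["expires"]:
            raise ValueError("ticket expired")
        # Only a holder of the session key can have produced a valid authenticator.
        a = unseal(bytes.fromhex(t["session_key"]), authenticator)
        if a["client"] != t["client"]:
            raise ValueError("authenticator/ticket client mismatch")
        if abs(now - a["timestamp"]) > CLOCK_SKEW:
            raise ValueError("authenticator outside clock-skew window (stale)")
        seen = (a["client"], a["timestamp"])
        if seen in self.replay_cache:
            raise ValueError("authenticator already seen: replay")
        self.replay_cache.add(seen)
        return t["client"]


def simulate_replay() -> dict:
    """Laila authenticates at t0; a captured copy is replayed later by someone else."""
    t0 = 1_700_000_000
    ticket, session_key = tgs_issue_service_ticket("laila", t0)
    auth = client_build_authenticator("laila", session_key, t0)
    later = t0 + 3 * 3600

    results = {"weak_live": weak_server_accept(ticket, t0),
               "weak_replay": weak_server_accept(ticket, later)}
    server = HardenedFileServer()
    results["hard_live"] = server.accept(ticket, auth, t0)
    for name, when in (("hard_replay_later", later), ("hard_replay_immediate", t0 + 1)):
        try:
            results[name] = server.accept(ticket, auth, when)
        except ValueError as exc:
            results[name] = str(exc)
    return results


if __name__ == "__main__":
    print(json.dumps(simulate_replay(), indent=2))
```

Running it shows the weak server accepting the replayed ticket three hours later as "laila", while the hardened server rejects the same replay twice over: a stale authenticator fails the skew check, and one replayed inside the window is caught by the replay cache. The session-key requirement matters because an attacker who copied only the ticket cannot seal a fresh authenticator with it.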
