Re: CVE-2020-17049

2020-11-17 Thread James Ralston
On Mon, Nov 16, 2020 at 10:48 AM Luke Hebert wrote: > We've just started encountering problems at customer sites with > Kerberos enabled clients as a result of how Microsoft appears to be > approaching CVE-2020-17049 > <https://cve.mitre.org/cgi-bin/cvename.cgi?name=

Re: CVE-2020-17049

2020-11-17 Thread Jeffrey T. Hutzelman
: kerberos-boun...@mit.edu on behalf of Jeffrey Altman Sent: Tuesday, November 17, 2020 1:51 PM To: Greg Hudson (ghud...@mit.edu); Robbie Harwood (rharw...@redhat.com); kerberos@mit.edu Subject: Re: CVE-2020-17049 On 11/17/2020 1:26 PM, Greg Hudson (ghud...@mit.edu) wrote: > On 11/17/20 12:5

Re: CVE-2020-17049

2020-11-17 Thread Jeffrey Altman
On 11/17/2020 1:26 PM, Greg Hudson (ghud...@mit.edu) wrote: > On 11/17/20 12:53 PM, Jeffrey Altman wrote: >> Just to set the record straight, Kerberos service tickets have never >> been renewable unless they were obtained as initial tickets. Only >> TGTs are renewable. This is true for MIT and He

Re: CVE-2020-17049

2020-11-17 Thread Greg Hudson
On 11/17/20 12:53 PM, Jeffrey Altman wrote: > Just to set the record straight, Kerberos service tickets have never > been renewable unless they were obtained as initial tickets. Only > TGTs are renewable. This is true for MIT and Heimdal as well as > Active Directory. Both initial and non-initia

Re: CVE-2020-17049

2020-11-17 Thread Sean Phillips
unsubscribe On Mon, Nov 16, 2020 at 10:58 AM Luke Hebert wrote: > Hi, > > We've just started encountering problems at customer sites with Kerberos > enabled clients as a result of how Microsoft appears to be approaching > CVE-2020-17049 > <https://cve.mitre.org/cgi-bin

Re: CVE-2020-17049

2020-11-17 Thread Jeffrey Altman
On 11/17/2020 12:16 PM, Robbie Harwood (rharw...@redhat.com) wrote: > Luke Hebert writes: > >> Hi, >> Disabling service >> ticket and tgt renewability is not great and it obviously breaks long >> running processes that rely on renewability of these items. Just to set the record straight, Kerbero

Re: CVE-2020-17049

2020-11-17 Thread Robbie Harwood
Luke Hebert writes: > Hi, > > We've just started encountering problems at customer sites with Kerberos > enabled clients as a result of how Microsoft appears to be approaching > CVE-2020-17049 > <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17049>. The &

CVE-2020-17049

2020-11-16 Thread Luke Hebert
Hi, We've just started encountering problems at customer sites with Kerberos enabled clients as a result of how Microsoft appears to be approaching CVE-2020-17049 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17049>. The details on this CVE are slim on Mitre and there is a s