MIT Kerberos RC4-HMAC-MD5 Checksum Vulnerability Allowing Message Spoofing

A vulnerability exists in the MIT Kerberos implementation that allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed. This issue arises from weaknesses in the MD5 checksum design, which can be exploited to forge message integrity codes. If RC4 is preferred over stronger encryption types, an attacker could manipulate messages without detection, leading to unauthorized tampering. The vulnerability affects several versions of the krb5 package in Red Hat Enterprise Linux 8, as well as in Red Hat Ansible Automation Platform 2. It requires a Kerberos environment with PKINIT enabled, and exploitation depends on specific memory allocation failures or parser behaviors, making the attack complex.

Impact

Exploitation of this vulnerability could result in unauthorized tampering of messages protected by GSSAPI, allowing attackers to alter communications without detection.

Reproduction

Under configurations where RC4-HMAC-MD5 is used for GSSAPI-secured communication, an attacker can intercept messages and apply MD5 collision techniques to create altered messages that preserve the original message integrity code. This exploitation takes advantage of the flawed MD5 checksum in the RC4-HMAC-MD5 implementation, allowing for message spoofing.

Remediation

Users can upgrade to the patched krb5 version 1.18.3-6+deb11u7, available through the Red Hat Update System. For Red Hat Enterprise Linux 8, the update is included in the RHSA-2025:8411 advisory.