Vigil@nce - Windows: decrypting BitLocker via Kerberos
January 2016 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can decrypt BitLocker data via Kerberos of Windows, in
order to read sensitive information.
Impacted products: Windows 10, Windows 2008 R0, Windows 2008 R2,
Microsoft Windows 2012, Windows 7, Windows 8, Windows RT, Windows
Vista.
Severity: 2/4.
Creation date: 10/11/2015.
DESCRIPTION OF THE VULNERABILITY
The Windows system uses BitLocker to decrypt data.
However, if an attacker plugs the computer on a malicious KDC
(Kerberos Key Distribution Center) server, Windows decrypts data.
An attacker can therefore decrypt BitLocker data via Kerberos of
Windows, in order to read sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-decrypting-BitLocker-via-Kerberos-18287