Hi,
Running klist on my machine I can see 2 (TGT?) tickets with: Server: krbtgt/DOMAIN.COM @ DOMAIN.COM and KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
I understand RC4 is depreciated and all my other tickets are listed with AES256. Just not sure if this is cause for concern?
Does the krbtgt AD account just need to be reset? Is there a risk someone could dump the ticket with the hash and crack it?
Thx
Hi there,
Yes, this should be taken seriously as we know that RC4 encryption is considered less secure than the newer encryption types, AES128-CTS-HMAC-SHA1-96 and AES256-CTS-HMAC-SHA1-96.
If you are planning on Resetting the krbtgt password this might help you out https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/ad-forest-recovery-resetting-the-krbtgt-password
Security guides such as the Windows 10 Security Technical Implementation Guide provide instructions for improving the security of a computer by configuring it to use only AES128 and/or AES256 encryption. https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/unsupported-etype-error-accessing-trusted-domain
--If the reply is helpful, please Upvote and Accept it as an answer–
6 people are following this question.
