krbtgt account - RC4 Encryption Type
I was running klist on my machine and I can see 2 (TGT?) tickets with: Server: krbtgt/DOMAIN.COM @ DOMAIN.COM and KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
I understand RC4 is deprecated and all my other tickets are listed with AES256. Just not sure if this is cause for concern?
Does the krbtgt AD account just need to be reset? Is there a risk someone could dump the ticket with the hash and crack it?
Thx
Solution 1:[1]
> I understand RC4 is deprecated and all my other tickets are listed with AES256. Just not sure if this is cause for concern?
Yes, it's possible that the current keys for the krbtgt principal were created very long ago, before your AD DCs had AES support (meaning there are no AES keys stored for it), and if newer Windows (or Linux Krb5) versions begin turning off RC4-HMAC support, those machines will become completely unable to authenticate.
> Does the krbtgt AD account just need to be reset?
Yes, but preferably using the official tool (not by setting a password by hand).
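Added example (not part of the original question or answer): the check the asker did by eye can be scripted by parsing `klist` output and listing the TGTs (`Server: krbtgt/...`) whose ticket encryption type is RC4. The sample output, the user name `alice` and the host `fs01` are constructed for illustration; the field names are the ones Windows `klist` prints.

```python
import re

# Constructed sample in the layout Windows `klist` prints (not captured output).
SAMPLE_KLIST = """\
Cached Tickets: (3)

#0>     Client: alice @ DOMAIN.COM
        Server: krbtgt/DOMAIN.COM @ DOMAIN.COM
        KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
        Session Key Type: AES-256-CTS-HMAC-SHA1-96

#1>     Client: alice @ DOMAIN.COM
        Server: krbtgt/DOMAIN.COM @ DOMAIN.COM
        KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
        Session Key Type: RSADSI RC4-HMAC(NT)

#2>     Client: alice @ DOMAIN.COM
        Server: cifs/fs01.domain.com @ DOMAIN.COM
        KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
        Session Key Type: AES-256-CTS-HMAC-SHA1-96
"""

TICKET_START = re.compile(r"^#(\d+)>\s*(.*)$")   # '#0>     Client: ...'
FIELD = re.compile(r"^\s*([^:]+?):\s*(.*)$")     # 'Name: value'

def parse_klist(text):
    """Split klist output into one dict of 'Field: value' pairs per ticket."""
    tickets, current = [], None
    for line in text.splitlines():
        start = TICKET_START.match(line)
        if start:
            current = {"index": int(start.group(1))}
            tickets.append(current)
            line = start.group(2)  # rest of the '#N>' line carries the Client field
        field = FIELD.match(line)
        if current is not None and field:
            current[field.group(1).strip()] = field.group(2).strip()
    return tickets

def rc4_tgts(tickets):
    """Return TGTs whose ticket (encrypted with the krbtgt key) uses RC4."""
    return [t for t in tickets
            if t.get("Server", "").lower().startswith("krbtgt/")
            and "RC4" in t.get("KerbTicket Encryption Type", "").upper()]

if __name__ == "__main__":
    for t in rc4_tgts(parse_klist(SAMPLE_KLIST)):
        print(f"ticket #{t['index']}: {t['Server']} uses {t['KerbTicket Encryption Type']}")
```

Only `KerbTicket Encryption Type` is checked because that field reflects the key the KDC used to encrypt the ticket; `Session Key Type` is reported separately and can differ, as in ticket #0 of the sample.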
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | user1686 |
