krbtgt - RC4 Encryption Type

gayoner996 1 Reputation point
2022-04-20T18:47:22.53+00:00

Hi,

Running klist on my machine I can see 2 (TGT?) tickets with: Server: krbtgt/DOMAIN.COM @ DOMAIN.COM and KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)

I understand RC4 is deprecated and all my other tickets are listed with AES256. Just not sure if this is cause for concern?

Does the krbtgt AD account just need to be reset? Is there a risk someone could dump the ticket with the hash and crack it?

Thx


1 answer

  1. Limitless Technology 39,931 Reputation points
    2022-04-25T08:42:29.23+00:00

    Hi there,

    Yes, this should be taken seriously as we know that RC4 encryption is considered less secure than the newer encryption types, AES128-CTS-HMAC-SHA1-96 and AES256-CTS-HMAC-SHA1-96.

    If you are planning on resetting the krbtgt password, this might help you out: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/ad-forest-recovery-resetting-the-krbtgt-password

    Security guides such as the Windows 10 Security Technical Implementation Guide provide instructions for improving the security of a computer by configuring it to use only AES128 and/or AES256 encryption. https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/unsupported-etype-error-accessing-trusted-domain

    -----------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer–
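To check which cached krbtgt tickets carry a non-AES ticket encryption type, as in the `klist` output described in the question, the following added example (not part of the original thread) parses `klist` text into objects and filters them. The function name `ConvertFrom-KlistText` and the sample tickets are constructed for illustration, and English-language `klist` field labels are assumed.

```powershell
# Constructed sample of klist output (not captured from a real host).
$sample = @'
Cached Tickets: (3)

#0>     Client: alice @ DOMAIN.COM
        Server: krbtgt/DOMAIN.COM @ DOMAIN.COM
        KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
        Session Key Type: RSADSI RC4-HMAC(NT)

#1>     Client: alice @ DOMAIN.COM
        Server: krbtgt/DOMAIN.COM @ DOMAIN.COM
        KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
        Session Key Type: AES-256-CTS-HMAC-SHA1-96

#2>     Client: alice @ DOMAIN.COM
        Server: cifs/fs01.domain.com @ DOMAIN.COM
        KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
        Session Key Type: AES-256-CTS-HMAC-SHA1-96
'@

# Hypothetical helper: turns klist text lines into one object per ticket.
function ConvertFrom-KlistText {
    param([string[]]$Line)
    $ticket = $null
    foreach ($l in $Line) {
        if ($l -match '^#(\d+)>\s+Client:\s*(.+?)\s*$') {
            # A new "#n>" header closes the previous ticket, if any.
            if ($null -ne $ticket) { [pscustomobject]$ticket }
            $ticket = [ordered]@{ Index = [int]$Matches[1]; Client = $Matches[2]
                                  Server = $null; TicketEType = $null; SessionKeyType = $null }
        }
        elseif ($null -eq $ticket) { continue }   # skip preamble lines
        elseif ($l -match '^\s*Server:\s*(.+?)\s*$') { $ticket.Server = $Matches[1] }
        elseif ($l -match '^\s*KerbTicket Encryption Type:\s*(.+?)\s*$') { $ticket.TicketEType = $Matches[1] }
        elseif ($l -match '^\s*Session Key Type:\s*(.+?)\s*$') { $ticket.SessionKeyType = $Matches[1] }
    }
    if ($null -ne $ticket) { [pscustomobject]$ticket }
}

# Offline run against the constructed sample; on a live host pass (klist) instead.
$tickets = ConvertFrom-KlistText -Line ($sample -split '\r?\n')

# Report krbtgt tickets whose ticket encryption type is not an AES type.
$tickets |
    Where-Object { $_.Server -like 'krbtgt/*' -and $_.TicketEType -notmatch 'AES' } |
    Format-Table Index, Server, TicketEType, SessionKeyType
```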
