krbtgt - RC4 Encryption Type

gayoner996 1 Reputation point
2022-04-20T18:47:22.53+00:00

Hi,

Running klist on my machine I can see 2 (TGT?) tickets with: Server: krbtgt/DOMAIN.COM @ DOMAIN.COM and KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)

I understand RC4 is deprecated and all my other tickets are listed with AES256. Just not sure if this is cause for concern?

Does the krbtgt AD account just need to be reset? Is there a risk someone could dump the ticket with the hash and crack it?

Thx

Windows Server Security

1 answer

  1. Limitless Technology 39,501 Reputation points
    2022-04-25T08:42:29.23+00:00

    Hi there,

    Yes, this should be taken seriously as we know that RC4 encryption is considered less secure than the newer encryption types, AES128-CTS-HMAC-SHA1-96 and AES256-CTS-HMAC-SHA1-96.

    If you are planning on resetting the krbtgt password, this might help you out: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/ad-forest-recovery-resetting-the-krbtgt-password

    Security guides such as the Windows 10 Security Technical Implementation Guide provide instructions for improving the security of a computer by configuring it to use only AES128 and/or AES256 encryption. https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/unsupported-etype-error-accessing-trusted-domain

    -----------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer–

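To audit a ticket cache for the situation described in the question, the following added example (not part of the thread, and not Microsoft's code) parses `klist` output and lists the tickets whose ticket encryption type is RC4. The function name `Get-KlistTicket` is hypothetical, and the sample output is constructed and trimmed to the fields the parser reads.

```powershell
# Parse klist text into one object per cached ticket.
# Get-KlistTicket is a hypothetical helper name, not a built-in cmdlet.
function Get-KlistTicket {
    param([string[]]$Lines)   # not Mandatory: klist output contains blank lines
    $ticket = $null
    foreach ($line in $Lines) {
        if ($line -match '^#(\d+)>\s*Client:\s*(.+)$') {
            # A new "#N>" header closes the previous ticket record.
            if ($null -ne $ticket) { New-Object psobject -Property $ticket }
            $ticket = [ordered]@{
                Index = [int]$Matches[1]; Client = $Matches[2].Trim()
                Server = $null; TicketEType = $null; SessionKeyType = $null
            }
        } elseif ($null -ne $ticket -and $line -match '^\s*Server:\s*(.+)$') {
            $ticket.Server = $Matches[1].Trim()
        } elseif ($null -ne $ticket -and $line -match '^\s*KerbTicket Encryption Type:\s*(.+)$') {
            $ticket.TicketEType = $Matches[1].Trim()
        } elseif ($null -ne $ticket -and $line -match '^\s*Session Key Type:\s*(.+)$') {
            $ticket.SessionKeyType = $Matches[1].Trim()
        }
    }
    if ($null -ne $ticket) { New-Object psobject -Property $ticket }
}

# Constructed sample, shaped like the output quoted in the question.
$sample = @'
Cached Tickets: (2)

#0>     Client: user1 @ DOMAIN.COM
        Server: krbtgt/DOMAIN.COM @ DOMAIN.COM
        KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
        Session Key Type: RSADSI RC4-HMAC(NT)

#1>     Client: user1 @ DOMAIN.COM
        Server: cifs/fs01.domain.com @ DOMAIN.COM
        KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
        Session Key Type: AES-256-CTS-HMAC-SHA1-96
'@ -split "`r?`n"

# On a live host, replace $sample with the real cache: Get-KlistTicket -Lines (klist)
Get-KlistTicket -Lines $sample |
    Where-Object { $_.TicketEType -match 'RC4' } |
    Format-Table Index, Server, TicketEType, SessionKeyType
```

With the sample above, only ticket #0 (the krbtgt ticket) is listed; the AES256 service ticket is filtered out.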