Kerberos IV peek accesses user names and information

Risk Level: Medium

Check or Attack Name: kerbul

Platforms: Kerberos: IV

Description:

Because the Kerberos IV Key Distribution Center (KDC) does not clear some internal buffers, a remote attacker can send a malformed packet to the KDC that will cause it to leak the username of the last request. By sending these packets multiple times and analyzing the results of each one, a list of usernames can be obtained.
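The class of bug described above, as an added example that is not taken from the Kerberos IV source or the advisory: a simplified model of a server that reuses a name buffer across requests, with the clearing fix selectable. The wire format, buffer size, function names and the sample name "alice" are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 40
/* Hypothetical long-lived buffer, reused across requests by the server loop. */
static char name_buf[NAME_MAX_LEN];

/* Constructed wire format: one length byte, then the name.
   Returns 0 on success, -1 if malformed (out is then left untouched). */
static int parse_name(const unsigned char *pkt, size_t len, char *out)
{
    if (len < 1 || pkt[0] == 0 || pkt[0] >= NAME_MAX_LEN ||
        (size_t)pkt[0] + 1 > len)
        return -1;
    memcpy(out, pkt + 1, pkt[0]);
    out[pkt[0]] = '\0';
    return 0;
}

/* Builds the reply text; clear_first selects the hardened behaviour. */
static void handle(const unsigned char *pkt, size_t len, int clear_first,
                   char *reply, size_t reply_len)
{
    if (clear_first)
        memset(name_buf, 0, sizeof name_buf);  /* fix: no state survives */
    if (parse_name(pkt, len, name_buf) != 0) {
        /* The error path echoes the buffer, which still holds the previous
           request's name unless it was cleared above. */
        snprintf(reply, reply_len, "ERR unknown principal '%s'", name_buf);
        return;
    }
    snprintf(reply, reply_len, "OK %s", name_buf);
}

/* Returns 1 if the reply to a malformed request contains the earlier name. */
int leaks_previous_name(int clear_first)
{
    static const unsigned char good[] = { 5, 'a', 'l', 'i', 'c', 'e' };
    static const unsigned char bad[]  = { 0 };  /* constructed malformed packet */
    char reply[96];
    memset(name_buf, 0, sizeof name_buf);
    handle(good, sizeof good, clear_first, reply, sizeof reply);
    handle(bad, sizeof bad, clear_first, reply, sizeof reply);
    return strstr(reply, "alice") != NULL;
}

int main(void)
{
    printf("uncleared: %d\n", leaks_previous_name(0));
    printf("cleared:   %d\n", leaks_previous_name(1));
    return 0;
}
```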

Remedy:

This problem does not affect Kerberos 5 installations or Kerberos 5 in version 4 compatibility mode. Cygnus Network Security provided a fix for this vulnerability in the 96Q4 release of Kerberos 4.

References:

L0pht Security Advisory, Kerberos 4, http://www.l0pht.com/advisories/krb_adv.html

Massachusetts Institute of Technology, Kerberos: The Network Authentication Protocol, http://web.mit.edu/kerberos/www/

