Project Zero

RC4 Is Still Considered Harmful

In June 2022, researcher James Forshaw discovered a vulnerability in Windows' handling of RC4 encryption in Kerberos that allowed user impersonation. Kerberos uses encryption algorithms to prove user credentials, and the algorithm to use is negotiated between clients and servers. RC4, an outdated and vulnerable algorithm, is still enabled by default in Windows even though DES has been phased out.

Microsoft implemented protections to mitigate RC4's weaknesses: a keyed MD5 HMAC hash, a randomized "confounder," and an encryption key derived from the user's password-based key and a message type value. However, the biggest weakness lies in how the user's key is generated from their password. Microsoft used the same hash value as NTLM, which lacks protections against brute-force attacks. Attackers can use Kerberoasting or AS-REP Roasting to obtain ciphertext encrypted with the RC4-HMAC key and attempt to brute-force the key.

To protect against these attacks, Windows requires pre-authentication, but the requirement can be disabled with the "Do not require Kerberos preauthentication" flag. The success of brute-force attacks depends on password complexity, with service user accounts being more secure due to long and randomly generated passwords. To mitigate the risk, RC4 can be disabled across the network, or sensitive users can be added to the Protected Users group.

The encryption algorithms are implemented in CRYPTDLL.DLL, with private types indicated by negative encryption type values.
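The exposures described above can be checked from account attributes. The following is an added example, not code from the original post: a Python audit over account records exported from Active Directory. The record layout, the `protectedUsers` field and the sample accounts are constructed, and treating an unset `msDS-SupportedEncryptionTypes` as RC4-permitted is an assumption based on the statement above that RC4 is enabled by default.

```python
# Bit values documented by Microsoft for the two AD attributes used here.
UF_ACCOUNTDISABLE = 0x2             # userAccountControl: account is disabled
UF_DONT_REQUIRE_PREAUTH = 0x400000  # "Do not require Kerberos preauthentication"
ENC_RC4_HMAC = 0x4                  # msDS-SupportedEncryptionTypes: RC4-HMAC bit

def audit_account(acct):
    """Return the RC4 / roasting exposure findings for one account record."""
    uac = acct.get("userAccountControl", 0)
    if uac & UF_ACCOUNTDISABLE:
        return []  # the KDC does not issue tickets for disabled accounts
    findings = []
    enc = acct.get("msDS-SupportedEncryptionTypes") or 0
    # Assumption: unset/0 means the KDC default applies, which still allows RC4.
    rc4_allowed = enc == 0 or bool(enc & ENC_RC4_HMAC)
    if uac & UF_DONT_REQUIRE_PREAUTH:
        findings.append("preauth-disabled")          # AS-REP Roasting exposure
    if acct.get("servicePrincipalName") and rc4_allowed:
        findings.append("spn-rc4-allowed")           # Kerberoasting with RC4-HMAC
    if acct.get("adminCount") == 1 and not acct.get("protectedUsers", False):
        findings.append("privileged-not-protected")  # not in Protected Users
    return findings

def audit(accounts):
    """Map sAMAccountName to findings, omitting accounts with none."""
    results = {a["sAMAccountName"]: audit_account(a) for a in accounts}
    return {name: found for name, found in results.items() if found}

# Constructed sample records (hypothetical names; not real directory data).
SAMPLE_ACCOUNTS = [
    {"sAMAccountName": "svc_sql", "userAccountControl": 0x200,
     "servicePrincipalName": ["MSSQLSvc/db01.example.test:1433"]},
    {"sAMAccountName": "svc_web", "userAccountControl": 0x200,
     "servicePrincipalName": ["HTTP/web01.example.test"],
     "msDS-SupportedEncryptionTypes": 0x18},  # AES128 + AES256 only
    {"sAMAccountName": "legacy_app", "userAccountControl": 0x400200,
     "msDS-SupportedEncryptionTypes": 0x1C},
    {"sAMAccountName": "admin_a", "userAccountControl": 0x200, "adminCount": 1},
    {"sAMAccountName": "admin_b", "userAccountControl": 0x200, "adminCount": 1,
     "protectedUsers": True},
    {"sAMAccountName": "old_svc", "userAccountControl": 0x400202,
     "servicePrincipalName": ["HTTP/old.example.test"]},  # disabled account
]

if __name__ == "__main__":
    for name, found in audit(SAMPLE_ACCOUNTS).items():
        print(f"{name}: {', '.join(found)}")
```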
googleprojectzero.blogspot.com