Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-17 05:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Use SHA1 for KRB ticket hashing

Browse source
This commit is contained in:
Benjamin Bannier 2024-05-17 15:11:19 +02:00
parent 2bfaab603d
commit 3d3793efc6
2 changed files with 5 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

8
scripts/policy/protocols/krb/ticket-logging.zeek
View file

@ -8,7 +8,7 @@ redef record Info += {
## Hash of ticket used to authorize request/transaction
auth_ticket: string &log &optional;
## Hash of ticket returned by the KDC
new_ticket: string &log &optional;
new_ticket: string &log &optional;
};
event krb_ap_request(c: connection, ticket: KRB::Ticket, opts: KRB::AP_Options)
@ -17,17 +17,17 @@ event krb_ap_request(c: connection, ticket: KRB::Ticket, opts: KRB::AP_Options)
c$krb$request_type = "AP";
if ( ticket?$ciphertext )
c$krb$auth_ticket = md5_hash(ticket$ciphertext);
c$krb$auth_ticket = sha1_hash(ticket$ciphertext);
}
event krb_as_response(c: connection, msg: KDC_Response)
{
if ( msg$ticket?$ciphertext )
c$krb$new_ticket = md5_hash(msg$ticket$ciphertext);
c$krb$new_ticket = sha1_hash(msg$ticket$ciphertext);
}
event krb_tgs_response(c: connection, msg: KDC_Response)
{
if ( msg$ticket?$ciphertext )
c$krb$new_ticket = md5_hash(msg$ticket$ciphertext);
c$krb$new_ticket = sha1_hash(msg$ticket$ciphertext);
}