Kerberos Security Feature Bypass in Microsoft Windows Products
CVE-2015-6095

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Server 2008; Windows Server 2012; Windows 10; Windows 8.1
Vendor: CVE Published:; 11 November 2015

Badges

👾 Exploit Exists

What is CVE-2015-6095?

A vulnerability in the Kerberos implementation of Microsoft Windows allows attackers with physical access to bypass authentication mechanisms. By leveraging this flaw, an attacker can connect to an unintended Key Distribution Center (KDC), which may permit them to perform decryption attacks against certain BitLocker configurations, potentially compromising sensitive data.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securitytracker.com/id/1034125

vdb-entryx_refsource_SECTRACK

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Feb 18, 2016
👾
Exploit known to exist
Feb 18, 2016
Vulnerability published
Nov 11, 2015
Vulnerability Reserved
Aug 14, 2015