Kerberos is vulnerable to replay in which of the following circumstances?

A.
When a private key is compromised within an allotted time window.

B.
When a public key is compromised within an allotted time window.

C.
When a ticket is compromised within an allotted time window.

D.
When the KSD is compromised within an allotted time window.

Explanation:
Kerberos addresses the confidentiality and integrity of information. It does not directly address availability and
attacks such as frequency analysis. Furthermore, because all the secret keys are held and authentication is
performed on the Kerberos TGS and the authentication servers, these servers are vulnerable to both physical
attacks and attacks from malicious code. Replay can be accomplished on Kerberos if the compromised tickets
are used within an allotted time window. Because a client’s password is used in the initiation of the Kerberos
request for the service protocol, password guessing can be used to impersonate a client.
Incorrect Answers:
A: Kerberos does not use a private key like an asymmetric key cryptography system does. It uses symmetric
key cryptography (shared key).
B: Kerberos does not use a public key like an asymmetric key cryptography system does. It uses symmetric key
cryptography (shared key).
D: KSD being compromised is not a vulnerability of Kerberos.

Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley
Publishing, Indianapolis, 2007, p. 78