Black Hat Europe 2025 | You Win Some, You CheckSum: A Kerberos Delegation Vulnerability

Black Hat | Jun 2, 2026

Why It Matters

The flaw lets an attacker bypass Kerberos constrained delegation controls and impersonate arbitrary users, up to gaining administrative control of a Windows domain.

Key Takeaways

  • Microsoft's Kerberos implementation still carries a legacy MD4 checksum path for delegation messages.
  • S4U2self and S4U2proxy can be chained for impersonation.
  • Attackers can downgrade encryption to RC4 to trigger MD4 usage.
  • A client-side shortcut treats a reply with no PA‑DATA as verified, so stripping the PA‑DATA bypasses the integrity check.
  • Vulnerability affects constrained and resource‑based delegation configurations.

Summary

The talk presented a logical flaw in Kerberos delegation that lets an attacker positioned on the network impersonate users. Working through the S4U2self and S4U2proxy exchanges, the researchers showed that legacy MD4‑based checksums (PA‑DATA type 130) remain in Microsoft's implementation despite being deprecated.

The attack chain begins with forcing the client down to RC4 (encryption type 23), which selects the MD4 checksum path. Acting as a machine‑in‑the‑middle, the attacker injects or replaces PA‑DATA 130, rewrites the user name it carries (e.g., to Administrator), and recomputes the MD4 hash to obtain a forged service ticket. The server‑side checks appear robust, but the client‑side verification contains a critical shortcut: if the reply carries no PA‑DATA at all, the verification routine exits with success, skipping integrity validation entirely.

A telling example from the research: the attacker adds PA‑DATA 130 and receives a ticket whose checksum is computed with MD4, yet the ticket is never installed because the client rejects the mismatched checksum. Only after extensive debugging did the team find the missing‑PA‑DATA bypass, which turned an apparent dead end into a working privilege‑escalation path: strip the PA‑DATA from the reply and the client accepts the ticket unverified.
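The following Python model is an added illustration, not code from the talk, from Silverfort, or from Microsoft. It reproduces only the control flow the summary describes: an honest KDC reply binds the impersonated user to a checksum in PA‑DATA 130, a machine‑in‑the‑middle rewrite of the user name fails the checksum, and stripping the PA‑DATA reaches the "no PA‑DATA means success" shortcut. The checksum primitive (HMAC‑SHA256 over a constructed session key), the session key, the account names, the dict‑based message layout and every function name are assumptions made for this model; the real path uses the legacy checksum the talk discusses and ASN.1‑encoded messages.

```python
"""Model of the client-side S4U reply check described in the summary.

Constructed example, not the researchers' or Microsoft's code. The checksum
primitive (HMAC-SHA256 keyed with a constructed session key) stands in for
the legacy checksum path; the point is the control flow around it.
"""
import hashlib
import hmac
from dataclasses import dataclass, field

PA_S4U_CHECKSUM = 130   # PA-DATA type named on the page
ETYPE_RC4_HMAC = 23     # encryption type the attacker downgrades to

# Constructed session key shared by client and KDC in this model
SESSION_KEY = hashlib.sha256(b"constructed-session-key").digest()


@dataclass
class S4UReply:
    """Minimal stand-in for the KDC reply that carries the S4U ticket."""
    etype: int
    impersonated_user: str                        # name bound into the ticket
    padata: dict = field(default_factory=dict)    # PA-DATA type -> bytes


def checksum(key: bytes, user: str) -> bytes:
    # Stand-in for the legacy checksum; keyed so the attacker cannot recompute it
    return hmac.new(key, user.encode(), hashlib.sha256).digest()


def kdc_build_reply(user: str, etype: int = ETYPE_RC4_HMAC) -> S4UReply:
    """Honest KDC: binds the requested user to the reply with a checksum."""
    return S4UReply(etype, user, {PA_S4U_CHECKSUM: checksum(SESSION_KEY, user)})


def client_verify_vulnerable(reply: S4UReply) -> bool:
    """Control flow the summary describes: a missing PA-DATA counts as success."""
    if PA_S4U_CHECKSUM not in reply.padata:
        return True  # shortcut: nothing to check, exit with success
    expected = checksum(SESSION_KEY, reply.impersonated_user)
    return hmac.compare_digest(reply.padata[PA_S4U_CHECKSUM], expected)


def client_verify_fixed(reply: S4UReply) -> bool:
    """Fail-closed variant: a reply without the checksum is rejected."""
    got = reply.padata.get(PA_S4U_CHECKSUM)
    if got is None:
        return False
    expected = checksum(SESSION_KEY, reply.impersonated_user)
    return hmac.compare_digest(got, expected)


def mitm_rewrite_user(reply: S4UReply, new_user: str) -> S4UReply:
    """Attacker swaps the bound user; the existing checksum no longer matches."""
    return S4UReply(reply.etype, new_user, dict(reply.padata))


def mitm_strip_padata(reply: S4UReply) -> S4UReply:
    """Attacker drops PA-DATA 130 entirely to reach the success shortcut."""
    return S4UReply(reply.etype, reply.impersonated_user, {})


def run_attack(target: str = "Administrator") -> dict:
    """Report which client variant accepts the honest, rewritten and stripped replies."""
    honest = kdc_build_reply("alice")
    rewritten = mitm_rewrite_user(honest, target)   # checksum now mismatches
    stripped = mitm_strip_padata(rewritten)         # no checksum left to fail
    return {
        "honest_vuln": client_verify_vulnerable(honest),
        "honest_fixed": client_verify_fixed(honest),
        "rewritten_vuln": client_verify_vulnerable(rewritten),
        "rewritten_fixed": client_verify_fixed(rewritten),
        "stripped_vuln": client_verify_vulnerable(stripped),
        "stripped_fixed": client_verify_fixed(stripped),
    }


if __name__ == "__main__":
    for name, accepted in run_attack().items():
        print(f"{name:16} accepted={accepted}")
```

Running it shows the shape of the bug: the rewritten reply is rejected by both clients, but once the PA‑DATA is stripped the vulnerable client accepts a ticket bound to Administrator with no checksum at all, while the fail‑closed variant rejects it. The fix is not a stronger hash but refusing to treat absence of the check as a pass.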

The vulnerability undermines the security guarantees of both constrained and resource‑based delegation, exposing enterprises to lateral movement and domain‑admin‑level compromise. Organizations should audit which accounts are trusted for delegation, disable RC4 (and with it the MD4 checksum path) wherever possible, track and apply Microsoft's fix for CVE-2025-60704, and watch Kerberos traffic for encryption‑type downgrades to RC4, which is the precondition for this attack.

Original Description

In Active Directory networks, user identity impersonation is commonly used when applications need to access network resources on behalf of the user. One of the safest ways to implement this is through Kerberos Constrained Delegation (KCD), which enforces trust boundaries between the application and the target services.
In this talk, we'll dive into the internals of the authentication process behind these mechanisms and present CVE-2025-60704: a logical vulnerability we discovered in Microsoft's Kerberos implementation. Using a Machine-in-the-Middle technique, this flaw allowed us to impersonate arbitrary users and ultimately gain control over the entire domain.
To understand how the vulnerability works, we'll walk through protocol behavior, trust assumptions, and some light reverse engineering of Windows internals that helped us trace the flaw down to its root. Finally, we'll discuss mitigation strategies and how to better protect environments relying on Kerberos delegation.
By:
Eliran Partush | Security Researcher, Silverfort
Dor Segal | Security Research Team Lead, Silverfort
