
Date: Wed, 23 Dec 2020 15:45:28 +0200
Subject: Add new PAC_INFO_BUFFER structure for compatibility with latest MS-PAC update
From: "Alexander Bokovoy" <>

Microsoft updated MS-PAC specification with the details of the extension
to fix CVE-2020-17049[1].

As this is yet another signature structure, it needs to be produced and
verified by the KDC, like the existing ones.

The MS-PAC update change file can be seen in [2].

Relevant section change is quoted below:
2.8.3 (Added Section) Ticket Signature

The ticket signature<17> is generated by the issuing KDC and depends on the cryptographic
algorithms available to the KDC. The ulType field of the PAC_INFO_BUFFER structure (section 2.4)
corresponding to the ticket signature will contain the value 0x00000010. The SignatureType MUST
match the SignatureType in the KDC signature and the key used MUST be the same. The Key Usage
Value MUST be KERB_NON_KERB_CKSUM_SALT [17] ([MS-KILE] section The KDC will use
KDC (krbtgt) key [RFC4120], so that other KDCs can verify this signature on receiving a PAC.

The ticket signature is used to detect tampering of tickets by parties other than the KDC. The ticket
signature SHOULD be included in tickets that are not encrypted to the krbtgt account (including the
change password service) or to a trust account.

The KDC signature is a keyed hash [RFC4757] of the ticket being issued less the PAC itself. To
compute the data to be checksummed, first the KDC must otherwise complete the TGT-REQ and
construct the final service ticket. The ad-data in the PAC’s AuthorizationData element ([RFC4120]
section 5.2.6) is replaced with a single zero byte, and the EncTicketPart ([RFC4120] section 5.3) is
encoded using the ASN.1 Distinguished Encoding Rules (DER).

The resulting hash is placed in the Signature field of the KDC's PAC_SIGNATURE_DATA structure
(section 2.8).

When a ticket is altered as during renewal ([RFC4120] section 2.3), the KDC SHOULD verify the
integrity of the existing ticket signature and then recompute the ticket signature, server signature,
and KDC signature in the PAC.

[1] CVE resources:
CVE details:
Fix deployment:
Reporter's blog:

/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
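The quoted section 2.8.3 describes a procedure: finish building the service ticket, replace the PAC's ad-data in the EncTicketPart with a single zero byte, DER-encode the EncTicketPart, and checksum it with the krbtgt key under key usage 17. The following is an added worked example of that procedure; it is not code from the e-mail, from the MS-PAC document, or from MIT Kerberos or Samba. It assumes a constructed, reduced EncTicketPart (only flags, crealm and authorization-data, with the PAC wrapped in AD-IF-RELEVANT the way Windows KDCs emit it), a hypothetical 16-byte krbtgt key, and the RFC 4757 HMAC-MD5 checksum that the quoted text cites; a KDC whose krbtgt key is an AES key would use that enctype's mandatory checksum type instead, with the same key usage.

```python
"""Ticket signature (PAC_INFO_BUFFER ulType 0x10) worked example.

Added illustration: not code from the MS-PAC spec, the e-mail, MIT Kerberos
or Samba.  It builds a constructed, reduced EncTicketPart in DER, replaces
the PAC ad-data with a single zero byte as MS-PAC 2.8.3 describes, and
checksums the result with the RFC 4757 HMAC-MD5 scheme under key usage 17
(KERB_NON_KERB_CKSUM_SALT) and a hypothetical krbtgt key.
"""
import hashlib
import hmac
import struct

AD_IF_RELEVANT = 1                     # RFC 4120 section 5.2.6.1
AD_WIN2K_PAC = 128                     # AD-WIN2K-PAC, carries the PAC
KEY_USAGE_KERB_NON_KERB_CKSUM_SALT = 17
TAG_SEQUENCE, TAG_OCTET_STRING = 0x30, 0x04
TAG_ENC_TICKET_PART = 0x63             # [APPLICATION 3] EncTicketPart
TAG_AUTHZ_DATA = 0xAA                  # authorization-data [10]


def ctx(n):                            # context-specific constructed tag [n]
    return 0xA0 | n


def der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content


def der_int(v):
    return tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))


def read_tlv(buf, pos=0):
    """Parse one DER TLV at buf[pos]; returns (tag, content, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n
    return tag, buf[pos:pos + length], pos + length


def children(content):
    """Split the content of a constructed element into (tag, content) pairs."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        out.append((tag, body))
    return out


def blank_pac(authz):
    """Rewrite AuthorizationData content so the PAC ad-data is one zero byte.
    Descends into AD-IF-RELEVANT, inside which Windows KDCs place the PAC."""
    out = b""
    for _, elem in children(authz):
        (_, type_tlv), (_, data_tlv) = children(elem)      # ad-type [0], ad-data [1]
        ad_type = int.from_bytes(read_tlv(type_tlv)[1], "big", signed=True)
        ad_data = read_tlv(data_tlv)[1]
        if ad_type == AD_WIN2K_PAC:
            ad_data = b"\x00"
        elif ad_type == AD_IF_RELEVANT:
            ad_data = tlv(TAG_SEQUENCE, blank_pac(read_tlv(ad_data)[1]))
        out += tlv(TAG_SEQUENCE, tlv(ctx(0), type_tlv) + tlv(ctx(1), tlv(TAG_OCTET_STRING, ad_data)))
    return out


def ticket_bytes_to_sign(enc_ticket_part):
    """DER EncTicketPart with the PAC's ad-data replaced by a single zero byte."""
    app_tag, seq, _ = read_tlv(enc_ticket_part)
    out = b""
    for tag, body in children(read_tlv(seq)[1]):
        if tag == TAG_AUTHZ_DATA:
            body = tlv(TAG_SEQUENCE, blank_pac(read_tlv(body)[1]))
        out += tlv(tag, body)
    return tlv(app_tag, tlv(TAG_SEQUENCE, out))


def hmac_md5_checksum(key, key_usage, data):
    """RFC 4757 section 4 keyed checksum: HMAC(Ksign, MD5(T || data))."""
    ksign = hmac.new(key, b"signaturekey\x00", hashlib.md5).digest()
    tmp = hashlib.md5(struct.pack("<I", key_usage) + data).digest()
    return hmac.new(ksign, tmp, hashlib.md5).digest()


def ticket_signature(krbtgt_key, enc_ticket_part):
    return hmac_md5_checksum(krbtgt_key, KEY_USAGE_KERB_NON_KERB_CKSUM_SALT,
                             ticket_bytes_to_sign(enc_ticket_part))


def verify_ticket_signature(krbtgt_key, enc_ticket_part, signature):
    return hmac.compare_digest(ticket_signature(krbtgt_key, enc_ticket_part), signature)


def build_enc_ticket_part(pac_blob, crealm=b"EXAMPLE.TEST"):
    """Constructed, reduced EncTicketPart: flags [0], crealm [2], authorization-data [10]."""
    flags = tlv(ctx(0), tlv(0x03, b"\x00\x40\xa1\x00\x00"))           # BIT STRING
    realm = tlv(ctx(2), tlv(0x1B, crealm))                             # GeneralString
    pac = tlv(TAG_SEQUENCE, tlv(ctx(0), der_int(AD_WIN2K_PAC)) +
              tlv(ctx(1), tlv(TAG_OCTET_STRING, pac_blob)))
    wrapped = tlv(TAG_SEQUENCE, tlv(ctx(0), der_int(AD_IF_RELEVANT)) +
                  tlv(ctx(1), tlv(TAG_OCTET_STRING, tlv(TAG_SEQUENCE, pac))))
    authz = tlv(TAG_AUTHZ_DATA, tlv(TAG_SEQUENCE, wrapped))
    return tlv(TAG_ENC_TICKET_PART, tlv(TAG_SEQUENCE, flags + realm + authz))


if __name__ == "__main__":
    key = bytes(range(16))                               # hypothetical krbtgt key
    ticket = build_enc_ticket_part(b"PAC-BODY-" * 10)    # constructed stand-in PAC
    sig = ticket_signature(key, ticket)
    print("genuine ticket verifies:", verify_ticket_signature(key, ticket, sig))
    forged = build_enc_ticket_part(b"PAC-BODY-" * 10, crealm=b"EVIL.TEST")
    print("realm-edited ticket verifies:", verify_ticket_signature(key, forged, sig))
```

Two properties of the quoted design are visible in the output: editing any ticket field outside the PAC (here the realm) invalidates the ticket signature, while swapping the PAC contents leaves it unchanged, because the PAC bytes are blanked before hashing. Tampering with the PAC itself is what the existing server and KDC signatures cover, which is why the KDC must recompute all three after altering a ticket.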