
Critical Kerberos Delegation Flaw in MS-S4U Protocol Enables Active Directory Impersonation Attacks
Security researcher Eliran Batush of Silverfort presented a logical vulnerability in Kerberos delegation, specifically in the MS-S4U protocol extension, that allows attackers to impersonate user identities in Active Directory networks. The flaw stems from the use of the deprecated MD4 hashing algorithm in the Kerberos S4U2self message (PA-DATA type 130): because the checksum is unkeyed, the username can be tampered with during authentication. By downgrading the encryption type to RC4-HMAC (type 23) from a man-in-the-middle position, Batush demonstrated how an attacker could forge service tickets for arbitrary users, including administrators, without needing passwords or TGTs. The vulnerability was exploited against applications such as CA Web Enrollment and Entra Application Proxy, enabling domain dominance via certificate issuance or bypass of modern authentication.

Research began in February 2023; the flaw was disclosed in July, confirmed in August, and patched in November, receiving a CVSS score of 7.5 due to its high complexity. Key technical components included ASN.1 parsing, undocumented functions in KDCSVC.DLL, and a client-side verification bypass achieved by removing the PA-DATA from TGS replies. The talk emphasized the risks of legacy cryptographic support and improper checksum implementations in authentication protocols.
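The core lesson of the talk is that an integrity check over the requested username is only worth something if it is keyed with a secret the KDC and the legitimate client share. The following toy model, added here and not code from the talk or from Silverfort, shows why: it builds a simplified PA-FOR-USER record, verifies it the way a KDC would, and compares a vulnerable KDC rule (any supported checksum type is accepted) with a hardened rule (the checksum must be keyed with the TGT session key). The flat field serialization, the session key and the usernames are constructed assumptions; the real message is ASN.1. The checksum type numbers are the real RFC 3961 / RFC 4757 values, but plain MD5 stands in for the unkeyed MD4 digest the page describes, because MD4 is unavailable in many modern OpenSSL builds and the property that matters (no secret enters the computation) is the same.

```python
import hashlib
import hmac

# Kerberos checksum type numbers (RFC 3961 / RFC 4757); both are real values.
CKSUMTYPE_RSA_MD4 = 2        # unkeyed MD4 digest
CKSUMTYPE_HMAC_MD5 = -138    # HMAC-MD5 keyed with the TGT session key (RC4-HMAC family)


def pa_for_user_bytes(user: str, realm: str, auth_package: str) -> bytes:
    """Simplified serialization of the PA-FOR-USER fields the checksum covers.
    The real message is ASN.1 (PrincipalName, realm, auth-package string);
    this flat encoding is an assumption made to keep the example short."""
    return f"{user}@{realm}|{auth_package}".encode()


def checksum(cksumtype: int, session_key: bytes, data: bytes) -> bytes:
    """Compute the checksum for one of the two modelled types."""
    if cksumtype == CKSUMTYPE_HMAC_MD5:
        return hmac.new(session_key, data, hashlib.md5).digest()
    if cksumtype == CKSUMTYPE_RSA_MD4:
        # Unkeyed: no secret enters the computation, so anyone who can edit the
        # message can recompute it. MD5 stands in for MD4 here (assumption);
        # the lack of a key, not the digest algorithm, is what matters.
        return hashlib.md5(data).digest()
    raise ValueError(f"unsupported cksumtype {cksumtype}")


def build_pa_for_user(user: str, realm: str, session_key: bytes, cksumtype: int) -> dict:
    """What a legitimate client (which knows the session key) sends in S4U2self."""
    data = pa_for_user_bytes(user, realm, "Kerberos")
    return {"user": user, "realm": realm, "auth_package": "Kerberos",
            "cksumtype": cksumtype, "cksum": checksum(cksumtype, session_key, data)}


def kdc_verify(pa: dict, session_key: bytes, allow_unkeyed: bool) -> bool:
    """KDC-side check. allow_unkeyed=True models the vulnerable behaviour
    (any supported cksumtype is verified and accepted); False models the
    hardened rule that the checksum must be keyed with the session key."""
    if pa["cksumtype"] != CKSUMTYPE_HMAC_MD5 and not allow_unkeyed:
        return False
    data = pa_for_user_bytes(pa["user"], pa["realm"], pa["auth_package"])
    try:
        expected = checksum(pa["cksumtype"], session_key, data)
    except ValueError:
        return False
    return hmac.compare_digest(expected, pa["cksum"])


def tampered_copy(pa: dict, new_user: str) -> dict:
    """A copy with the target user swapped by a party that does NOT know the
    session key. For the unkeyed type the checksum can simply be recomputed;
    for the keyed type the outsider can only leave the old checksum in place."""
    out = dict(pa, user=new_user)
    if pa["cksumtype"] == CKSUMTYPE_RSA_MD4:
        data = pa_for_user_bytes(new_user, pa["realm"], pa["auth_package"])
        out["cksum"] = checksum(CKSUMTYPE_RSA_MD4, b"", data)
    return out


def outcome(cksumtype: int, allow_unkeyed: bool) -> dict:
    """Run one client checksum type against one KDC policy and report whether
    the genuine request and a user-swapped copy of it pass verification."""
    session_key = b"\x11" * 16   # constructed TGT session key; only client and KDC know it
    legit = build_pa_for_user("svc_web", "CORP.LOCAL", session_key, cksumtype)
    forged = tampered_copy(legit, "administrator")
    return {"legit_accepted": kdc_verify(legit, session_key, allow_unkeyed),
            "forged_accepted": kdc_verify(forged, session_key, allow_unkeyed)}


if __name__ == "__main__":
    for name, ct in (("unkeyed rsa-md4", CKSUMTYPE_RSA_MD4), ("keyed hmac-md5", CKSUMTYPE_HMAC_MD5)):
        for policy in (True, False):
            r = outcome(ct, policy)
            print(f"{name:16} allow_unkeyed={policy!s:5} legit={r['legit_accepted']} forged={r['forged_accepted']}")
```

Only the combination of an unkeyed checksum type and a KDC that still honours it lets the user-swapped request through; rejecting unkeyed types at the KDC, or never negotiating them on the client, closes that path regardless of which digest algorithm the unkeyed type uses. The same table is a useful way to reason about any "checksum" field in an authentication protocol: ask what secret it is keyed with, and what the verifier does when the peer proposes a type that has none.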