CVE-2026-20833

Description

Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally.

CVSS Details

CVSS Score

5.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:* - VULNERABLE

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:* - VULNERABLE

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* - VULNERABLE

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* - VULNERABLE

Windows Server 2019 及更早版本（特定配置下）

Windows 10 Version 1809 及更早版本

Windows 11 Version 22H2（特定配置下）

Windows Server 2022（特定配置下）

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2026-20833 PoC - Windows Kerberos Weak Cryptographic Algorithm Exploitation
# This PoC demonstrates the concept of exploiting weak cryptographic algorithms in Windows Kerberos

import os
import sys
import subprocess
import re

def check_kerberos_encryption_algorithms():
    """
    Check for weak Kerberos encryption algorithm configurations
    This script checks for the presence of deprecated or weak encryption types
    """
    print("[*] CVE-2026-20833 - Windows Kerberos Weak Encryption Algorithm Check")
    print("[*] Target: Windows Kerberos Authentication Service")
    print("=" * 60)
    
    # Check for weak encryption types in Kerberos configuration
    weak_algorithms = [
        "des-cbc-crc",      # DES encryption - considered weak
        "des-cbc-md5",      # DES encryption - considered weak  
        "rc4-hmac",         # RC4 encryption - known weaknesses
        "des3-cbc-sha1"     # 3DES - deprecated in modern systems
    ]
    
    print("\n[+] Checking for weak Kerberos encryption algorithms...")
    
    try:
        # Use klist to display cached Kerberos tickets
        result = subprocess.run(['klist', 'tickets'], capture_output=True, text=True, timeout=30)
        print(f"[+] Cached tickets information:\n{result.stdout}")
        
        # Check for weak encryption types in ticket output
        for algorithm in weak_algorithms:
            if algorithm.upper() in result.stdout.upper():
                print(f"[!] WARNING: Weak encryption algorithm detected: {algorithm}")
        
    except FileNotFoundError:
        print("[-] klist command not found - this system may not support Kerberos")
    except Exception as e:
        print(f"[-] Error accessing Kerberos tickets: {e}")
    
    print("\n[*] Note: This is a demonstration script for security research purposes")
    print("[*] Actual exploitation requires specific conditions and weak encryption configuration")
    print("[*] Mitigation: Apply Microsoft security updates and disable weak encryption types")

def demonstrate_vulnerability():
    """
    Simulate vulnerability detection for educational purposes
    """
    print("\n[*] Simulating vulnerability assessment...")
    print("[+] Checking Kerberos encryption settings via registry...")
    
    # In a real scenario, this would check:
    # HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps
    # Or Kerberos policy settings
    
    print("[+] Querying supported encryption types...")
    print("[+] Checking for legacy encryption protocol support...")
    
    # Simulated check results
    print("[+] Supported encryption types: AES256-CTS-HMAC-SHA1-96 (Strong)")
    print("[+] Supported encryption types: AES128-CTS-HMAC-SHA1-96 (Strong)")
    print("[+] Legacy encryption types: RC4-HMAC (Weak - VULNERABLE)")
    print("[+] Legacy encryption types: DES-CBC-CRC (Weak - VULNERABLE)")
    
    print("\n[!] VULNERABILITY DETECTED: System supports weak encryption algorithms")
    print("[!] Attack complexity: Low (AV:L/PR:L/UI:N)")
    print("[!] Confidentiality impact: High (C:H)")

if __name__ == "__main__":
    print("CVE-2026-20833 - Windows Kerberos Weak Cryptographic Algorithm")
    print("Use of broken or risky cryptographic algorithm in Windows Kerberos")
    print("CVSS 3.1: 5.5 (Medium)")
    print()
    
    check_kerberos_encryption_algorithms()
    demonstrate_vulnerability()
    
    print("\n[*] For official remediation, refer to Microsoft Security Response Center")
    print("[*] Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20833")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-20833
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-20833
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-20833/
[4] VulDB https://vuldb.com/cve/CVE-2026-20833
[5] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20833

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-20833", "sourceIdentifier": "[email protected]", "published": "2026-01-13T18:16:11.320", "lastModified": "2026-01-15T14:40:20.963", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally."}, {"lang": "es", "value": "El uso de un algoritmo criptográfico roto o arriesgado en Windows Kerberos permite a un atacante autorizado divulgar información localmente."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-327"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.14393.8783", "matchCriteriaId": "A059E609-F8D4-4246-BDAE-0AEDED1744D2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.17763.8276", "matchCriteriaId": "A74970A1-CC81-4482-B465-8382B1544EF3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.20348.4648", "matchCriteriaId": "C4AA6991-DE34-48F6-AFD3-77CEE7FBB692"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.25398.2092", "matchCriteriaId": "BA5947E0-C44C-4517-A307-DA79752F30A8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.26100.32230", "matchCriteriaId": "D44880ED-E8E9-49A8-BD56-503C63D40000"}]}]}], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20833", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}