RC4 Is Still Considered Harmful

ID: 58971114-0e2a-5b6a-9d71-8fdde65b0406

STIX ID: report--58971114-0e2a-5b6a-9d71-8fdde65b0406

Feed Name: Google Project Zero

Threat Score
75/100

Date Published: 2022-10-27

Date Updated: 2026-04-27

Author: Unknown

This technical analysis describes a long-standing insecure Kerberos crypto implementation in Windows (an RC4-MD4 private encryption type) and demonstrates two practical attacks that enable recovery of TGT session keys and user impersonation: an interception-based attack that forces RC4-MD4 into use (CVE-2022-33647) and an oracle-style attack against accounts with pre-authentication disabled (CVE-2022-33679). The author details how the flawed key derivation, truncated/constant key bytes, and lack of integrity protection enable known-plaintext and byte-by-byte key recovery with relatively few requests, and recommends mitigations including disabling RC4, applying the KDC fixes, using Protected Users or Kerberos FAST/armoring, and monitoring for unusual etypes and repeated Kerberos requests.