#windows

On Windows, the Kerberos ticket renewal process can be used with CG to get an unencrypted TGT session key for a currently authenticated user leading to information disclosure.

On Windows, the handling of cryptographic data comparison in the CG secure process does not use constant time algorithms resulting in information disclosure.

InTouch Access Anywhere Secure Gateway versions 2020 R2 and below suffer from a path traversal vulnerability.

On Windows, the KerbIumGetNtlmSupplementalCredential CG API does not check the encryption key type leading to information disclosure of key material.

On Windows, CG API KerbIumCreateApReqAuthenticator can be used to decrypt arbitrary encrypted Kerberos keys leading to information disclosure.

Windows Credential guard does not prevent using encrypted Kerberos keys to change a user's password leading to elevation of privilege.

Windows CG APIs, which take encrypted keys, do not limit what encryption or checksum types can be used with those keys. This can result in using weak encryption algorithms which could be abused to either generate keystreams or brute force encryption keys.

On Windows, the method for allocating a context when using the CG BCrypt APIs is insecure leading to use-after-free of secure memory resulting in elevation of privilege.

On Windows, a number of Kerberos CG APIs do not verify the ASN1 PDU type when decoding and encoding Kerberos ASN1 structures leading to type confusion and elevation of privilege.

The Windows kernel suffers from multiple memory problems when handling incorrectly formatted security descriptors in registry hives.