## https://sploitus.com/exploit?id=950C5A1E-1B9C-5E77-8B70-123060B908BF
# CVE-2024-20674

This is my take on an exploit for CVE-2024-20674, a Kerberos mutual-authentication bypass that abuses a logic bug in the client-side handling of Kerberos User-to-User (U2U) TGT-REP messages.
It can be used, for instance, to spoof the domain controller to a client and serve it arbitrary GPOs, which is enough to take control of the machine.

**Pre-requisites**: Network Man In the Middle, unauthenticated.

### Explanation of the exploit in this paper

https://www.sstic.org/2025/presentation/l_outillage_reseau_windows_une_affaire_d_implementation/

### Demo

https://github.com/user-attachments/assets/6dc25e26-b42a-41a0-bc73-8fc4a0a0c5ee

### Warning

The demo/ folder contains GPOs that will most likely wreck the client's configuration: they add the Guest user to the local Administrators group, disable UAC and disable the Windows Firewall. Only apply them to a throwaway test machine.
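The following script is an added example and is not part of this repository. It audits a client for the three changes the demo GPOs are described as making (Guest in Administrators, UAC off, firewall off) and lists the GPOs the machine currently applies, which is the check you want after running the demo or when investigating a suspected spoofed-DC scenario. It assumes an elevated Windows PowerShell 5.1 or PowerShell 7 session on the client with the built-in `Microsoft.PowerShell.LocalAccounts` and `NetSecurity` modules available; the function name `Test-DemoGpoEffects` is mine.

```powershell
# Added example, not code from this repository. Run in an elevated PowerShell
# session on the client machine that received the GPOs.

function Test-DemoGpoEffects {
    [CmdletBinding()]
    param()

    $findings = @()

    # 1. Is a Guest account a member of the local Administrators group?
    #    Match on the well-known RID 501 rather than the account name, since
    #    the name can be localized or renamed.
    $admins = Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop
    $guestInAdmins = $admins | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
    foreach ($m in $guestInAdmins) {
        $findings += "Guest account (RID 501) is a member of Administrators: $($m.Name)"
    }

    # 2. Is UAC disabled? EnableLUA = 0 under the policy key turns UAC off
    #    (the change takes effect after a reboot, but the value is set immediately).
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $enableLua = (Get-ItemProperty -Path $uacKey -Name 'EnableLUA' `
                  -ErrorAction SilentlyContinue).EnableLUA
    if ($enableLua -eq 0) {
        $findings += "UAC is disabled (EnableLUA = 0 in $uacKey)"
    }

    # 3. Is any Windows Firewall profile turned off?
    $offProfiles = Get-NetFirewallProfile |
        Where-Object { [string]$_.Enabled -eq 'False' }
    foreach ($p in $offProfiles) {
        $findings += "Firewall profile '$($p.Name)' is disabled"
    }

    # 4. Record which GPOs the machine applied, so an unexpected GPO name or
    #    GUID (served by a spoofed DC) stands out during triage.
    $appliedGpos = (gpresult /r /scope:computer 2>$null) -join "`n"

    [PSCustomObject]@{
        Compromised = ($findings.Count -gt 0)
        Findings    = $findings
        GpResult    = $appliedGpos
    }
}

$result = Test-DemoGpoEffects
if ($result.Compromised) {
    Write-Warning 'Demo GPO effects detected:'
    $result.Findings | ForEach-Object { Write-Warning "  $_" }
} else {
    Write-Host 'No demo GPO effects detected.'
}
$result.GpResult
```

The UAC check reads the policy key directly rather than trusting the Security Center, because a GPO-pushed `EnableLUA = 0` is visible in the registry immediately while the UI may still report UAC as on until the next reboot. `gpresult /r /scope:computer` needs an elevated session; if it prints nothing, re-run as Administrator.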