Vulnerability Assessment of Authentication Methods in a Large-Scale Computer System

Abstract: Vulnerabilities exist in almost all software programs. Some software is more vulnerable than others. A method that can be used to mitigate the vulnerabilities is penetration testing. In this thesis, a penetration test was conducted on a large scale computer system provided by a company. The goal of the thesis was to see if vulnerabilities could be found, with a focus on the field of authentication. After conduction a thorough penetration test there were vulnerabilities found that threaten the confidentiality and integrity of the system. Authentication vulnerabilities were found by leaking password hashes and by performing pass-the-hash and pass-the-ticket exploits.