CVE-2022-33679

HIGH

Windows Kerberos - Privilege Escalation

Exploitation Summary

EIP tracks 5 public exploits for CVE-2022-33679. PoCs published by Bdenneu, Amulab, notareaperbutDR34P3r.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2022-33679, a Kerberos authentication bypass vulnerability. The exploit leverages a flaw in the RC4-HMAC encryption type to recover the session key and forge a valid TGT, allowing authentication bypass.

Description

Windows Kerberos Elevation of Privilege Vulnerability

Exploits (5)

nomisec · WORKING POC · 415 stars
by Bdenneu · poc
https://github.com/Bdenneu/CVE-2022-33679

This repository contains a functional exploit for CVE-2022-33679, a Kerberos authentication bypass vulnerability. The exploit leverages a flaw in the RC4-HMAC encryption type to recover the session key and forge a valid TGT, allowing authentication bypass.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Complex
Reliability: Reliable
Target: Microsoft Active Directory Domain Services (AD DS)
No auth needed
Prerequisites: Network access to the target KDC · Valid domain name and target server name
devstral-2 · analyzed Feb 18, 2026

nomisec · WORKING POC · 7 stars
by Amulab · poc
https://github.com/Amulab/CVE-2022-33679

This repository contains a functional exploit for CVE-2022-33679, a vulnerability in Kerberos authentication. The exploit manipulates the PA-ENC-TIMESTAMP pre-authentication mechanism to bypass authentication by crafting malicious AS-REQ requests.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Complex
Reliability: Reliable
Target: Microsoft Active Directory Kerberos (KDC)
No auth needed
Prerequisites: Network access to the KDC · Valid domain name
devstral-2 · analyzed Feb 18, 2026

nomisec · WORKING POC · 4 stars
by notareaperbutDR34P3r · poc
https://github.com/notareaperbutDR34P3r/Kerberos_CVE-2022-33679

This repository contains a functional exploit for CVE-2022-33679, a Kerberos authentication bypass vulnerability. The PoC leverages a brute-force approach to recover the session key and forge a valid TGT, allowing unauthorized access to Active Directory services.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Active Directory Kerberos (Windows Server 2019, 2022, and others)
No auth needed
Prerequisites: Network access to the domain controller · Valid domain username (no password required)
devstral-2 · analyzed Feb 18, 2026

nomisec · WORKING POC · 4 stars
by Blyth0He · poc
https://github.com/Blyth0He/CVE-2022-33679

This repository contains a functional exploit for CVE-2022-33679, a vulnerability in Kerberos authentication. The exploit leverages a flaw in the AS-REQ pre-authentication process to bypass authentication by manipulating the keystream used for encrypting timestamps.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Complex
Reliability: Reliable
Target: Microsoft Active Directory Kerberos (KDC)
No auth needed
Prerequisites: Network access to the KDC · Valid domain name
devstral-2 · analyzed Feb 18, 2026

nomisec · SCANNER
by soy-oreocato · poc
https://github.com/soy-oreocato/CVE-2022-33679_Checker

This repository contains a Python-based scanner that checks for CVE-2022-33679, a vulnerability allowing Kerberos AS-REP roasting without pre-authentication. It sends a crafted AS-REQ to the KDC and analyzes the response to determine vulnerability status.

Classification: Scanner 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Active Directory Domain Services (Kerberos KDC)
No auth needed
Prerequisites: Network access to the target Domain Controller (TCP/88) · Valid domain and username
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3: 8.1
EPSS: 0.0808
EPSS Percentile: 94.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

Status: published
Products (7)
microsoft/windows_server_2008
microsoft/windows_server_2008 r2 sp1
microsoft/windows_server_2012
microsoft/windows_server_2012 r2
microsoft/windows_server_2016
microsoft/windows_server_2019
microsoft/windows_server_2022 (2 CPE variants)
Published: Sep 13, 2022
Tracked Since: Feb 18, 2026