Pass-the-Ticket-Attack
“Pass-the-Ticket” ham ek tarah ka aisa attack hai jahan pe attacker ek user ke authentication tickets ko access karata hai aur phir use iska misuse karata hai.
Sabse pehle, aapko samajhna hai ki authentication ticket ek tarah ka security token hota hai, jo ek user ko authenticate karne ke liye use hota hai. Jab aap login karate hai apni Windows machine mein, aapka system ek authentication ticket generate karata hai, jise aapke user account ke liye encrypt kiya jata hai. Is authentication ticket ko aapke system ke sabhi servers mein propagate kiya jata hai, jisse aapko baar baar authentication karane ki jarurat na ho.
Lekin agar koi attacker is authentication ticket ko chura leta hai, to vo aapke naam se kisi bhi server mein authenticate ho sakata hai, aur vo us server par jo karna chahe kar sakata hai, jaise ki sensitive data access karna, passwords change karna, aur bhi bhaut se kaam.
Yah bilkul bachchon ke khilone ki tarah hota hai ki ek baccha koi chiz kharidne ke liye apni mummy se paise leta hai lekin use chutki mein kisi dusre bacche se chura liya jata hai. Aur phir vo chiz kharidne jaata hai. Aise hi, “Pass-the-Ticket” attack mein authentication ticket aapke naam se kisi dusre user ko diya jata hai, jisse vo aapke jagah authenticate ho jaata hai.
Isliye hamesha apne authentication ticket ko secure rakhen aur ek strong password ka upayog karke apne systems ko protect karen. Is prakaar se aap hackers aur cyber attackers se apne aap ko surakshit rakh sakten hai.”