logo

Port 2105 – EKLOGIN (Eklogin Protocol)

Service:

eklogin

Protocol:

TCP

Port:

2105

Used for:

Kerberos encrypted remote login

Why It’s Open

Port 2105 is used for Eklogin (Encrypted Kerberos Login), which provides secure remote login capabilities using Kerberos authentication and encryption. This service is predominantly found in academic and research environments, particularly those using MIT’s Project Athena infrastructure or similar Kerberos-based authentication systems. Eklogin enables users to establish secure terminal sessions with enhanced protection against eavesdropping compared to standard remote login services, as it encrypts the entire session using Kerberos tickets.

Common Risks

  • Kerberos vulnerabilities
    Weaknesses in the Kerberos implementation itself
  • Ticket replay attacks
    Captured Kerberos tickets reused by attackers
  • Outdated encryption
    Legacy Kerberos versions using weak ciphers
  • Clock synchronization issues
    Time skew causing authentication failures or bypasses
  • Key distribution vulnerabilities
    Compromised key exchange between KDC and clients
  • Privilege escalation
    Using Eklogin to gain elevated access rights

Want to save time on reporting?

Let PentestPad generate, track, and export your reports - automatically.

logo-cta

Enumeration & Testing

Service Detection:

Terminal window
nmap -sV -p 2105

Kerberos Enumeration:

Terminal window
nmap --script krb5-enum-users --script-args krb5-enum-users.realm='EXAMPLE.COM' -p 2105

Check for Authentication Methods:

Terminal window
telnet  2105

Kerberos Ticket Testing:

Terminal window
kinit -V username@REALM

What to Look For

CheckpointWhat it means
Kerberos versionCheck for outdated Kerberos implementations with known vulnerabilities
Encryption algorithmsVerify if strong encryption is enforced (AES vs. RC4 or DES)
Ticket lifetimeCheck if tickets have appropriate expiration settings
Pre-authenticationVerify if Kerberos pre-authentication is required
Network exposureCheck if the service is accessible from untrusted networks

Mitigation

  • Update to modern Kerberos
    Use latest Kerberos versions with security enhancements
  • Enforce strong encryption
    Configure AES-256 or stronger cipher requirements
  • Implement pre-authentication
    Require Kerberos pre-authentication to prevent offline attacks
  • Limit ticket lifetimes
    Configure appropriate ticket expiration timeframes
  • Network segmentation
    Restrict Eklogin access to internal networks only
  • Clock synchronization
    Ensure proper time sync between KDC and clients
  • Monitor authentication failures
    Implement alerting for failed login attempts

TL;DR

  • Port 2105 = Eklogin Protocol service
  • Protocol: TCP
  • Used for: Kerberos encrypted remote login
  • Security focus: Proper configuration and monitoring required

Known CVEs and Exploits

  • CVE-2003-0138 – Kerberos implementation vulnerabilities in encrypted login services
  • Authentication bypass – Weak Kerberos configurations allowing unauthorized access
  • Credential replay attacks – Exploitation of improper ticket validation mechanisms
  • Protocol downgrade attacks – Forcing weaker encryption algorithms in login sessions