Insufficient Hardening – Update KRBTGT Password
TCM-KB-INT-006
Last Updated: 12/27/2023
Windows Operating Systems
The recommended remediation steps and configurations described in this response would primarily affect systems running Microsoft Active Directory (AD) as a part of their IT infrastructure.
Insufficient hardening
Insufficient hardening in cybersecurity is the failure to adequately secure systems against threats. This can result from using default passwords, running unneeded services, neglecting security patches, leaving network ports open, and lacking proper monitoring or logging. This leaves the system more susceptible to attacks.
Contributor

Joe Helle
Chief Hacking Officer
This Knowledge Base Article was submitted by: Joe Helle.
Update KRBTGT Password
Issue
The KRBTGT account was compromised, or the password needs to be rotated.
Recommended Remediation
The following outlines the recommended steps that the systems and network administrators should take in order to secure the environment.
From a domain controller, open the “Active Directory Users and Computers” dialog.
Select “View” -> “Advanced Features”. Select your domain and then select “Users”. In the details pane, right-click the “KRBTGT” user and click “Reset Password”.
Enter a new password for the KRBTGT user, retype the password to confirm, and then click “OK” to confirm the changes.
Wait a period of at least ten (10) hours to ensure the new password is replicated throughout the domain. Reset the KRBTGT account password again to ensure the password history of the KRBTGT account is cleared.
The above steps show a manual KRBTGT password reset. Microsoft also provides a PowerShell script to perform a password rotation: https://github.com/microsoft/New-KrbtgtKeys.ps1
Mitigation Confirmation
From a device with the Active Directory module installed, run the following PowerShell commands:
Import-Module ActiveDirectory
Get-ADUser krbtgt -Properties Created, PasswordLastSet
Confirm the KRBTGT password was reset on the day of this operation.
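The check above queries a single domain controller. The following added example (not TCM Security's or Microsoft's code) runs the same confirmation against every domain controller, so the reset can be shown to have replicated before the second reset is performed. The function name Get-KrbtgtResetStatus and its ResetDate parameter are hypothetical names chosen for this example.

```powershell
# Added example: confirm the krbtgt reset is visible on every domain controller.
# Requires the ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

function Get-KrbtgtResetStatus {
    param(
        # Day the reset was performed; defaults to today (assumption of this example).
        [datetime]$ResetDate = (Get-Date)
    )

    foreach ($dc in Get-ADDomainController -Filter *) {
        # Start from "not confirmed" so an unreachable DC is reported, not skipped.
        $row = [ordered]@{
            DomainController = $dc.HostName
            PasswordLastSet  = $null
            KeyVersion       = $null
            ResetOnDate      = $false
        }
        try {
            # Ask this specific DC for its own copy of the krbtgt attributes.
            $user = Get-ADUser -Identity krbtgt -Server $dc.HostName -Properties PasswordLastSet, 'msDS-KeyVersionNumber' -ErrorAction Stop
            $row.PasswordLastSet = $user.PasswordLastSet
            # msDS-KeyVersionNumber increases by one with each password reset.
            $row.KeyVersion      = $user.'msDS-KeyVersionNumber'
            $row.ResetOnDate     = ($user.PasswordLastSet.Date -eq $ResetDate.Date)
        }
        catch {
            Write-Warning "Could not query $($dc.HostName): $($_.Exception.Message)"
        }
        [pscustomobject]$row
    }
}

$status = @(Get-KrbtgtResetStatus)
$status | Format-Table -AutoSize

# Replication is complete only when every DC reports the same timestamp and key version.
$groups      = @($status | Group-Object PasswordLastSet, KeyVersion)
$unconfirmed = @($status | Where-Object { -not $_.ResetOnDate })

if ($unconfirmed.Count -gt 0 -or $groups.Count -ne 1) {
    Write-Warning 'KRBTGT reset is not yet confirmed on all domain controllers.'
}
else {
    Write-Output 'KRBTGT reset confirmed on all domain controllers.'
}
```

Run it once after each of the two resets; the KeyVersion column should be one higher after each reset.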
