
A Team Of Security Researchers Has Found A Bug In The Kerberos Network Authentication Protocol

A bypass bug present in the Kerberos cryptographic authentication protocol for 21 years has now been fixed in patches from Microsoft, Samba, Fedora, FreeBSD, and Debian.
A team of security researchers has found a bug in the Kerberos network authentication protocol. Called Orpheus’ Lyre, this flaw could be used by a man-in-the-middle attacker to steal credentials and gain escalated privileges. The fixes for the affected platforms have been released in the form of patches.
Kerberos is a computer network authentication protocol that ensures secure communication by allowing the nodes to prove their identity to each other securely. This is done on the basis of Tickets. Kerberos is based on symmetric key cryptography and needs a trusted third party.
A team of researchers has found a bug in the Kerberos authentication protocol. They have named this vulnerability Orpheus’ Lyre. For those who don’t know, Orpheus was a Greek mythological musician who controlled a three-headed hound, Cerberos, with his lyre’s music. Kerberos is itself named after Cerberos.

Kerberos vulnerability explained in brief

Coming back to the flaw, it affects operating systems from the likes of Apple, Microsoft, FreeBSD, Red Hat, and Debian. This 21-year-old bug has now been fixed in the patches released by the creators of different operating systems.
This bug affects three implementations of Kerberos. Through the open source Heimdal implementation of Kerberos V5, Samba and FreeBSD are affected. It should be noted that the MIT implementation of Kerberos remains unaffected.
In the Kerberos protocol, there’s an abundance of unauthenticated plaintext, something which the researchers have called a cryptographic sin. As a result, portions of messages are neither encrypted nor integrity-protected. To make sure that the protocol remains secure despite the wealth of unauthenticated plaintext, extreme care has been taken to authenticate the said plaintext.
But in one instance, the Ticket issued in KDC responses, it is possible to use a specific piece of unauthenticated plaintext instead of the authenticated copy of the same text. This flaw is mitigated by the proper use of the metadata in the KDC response’s encrypted portion. However, due to the bug, that metadata could be taken from the unauthenticated plaintext.
This bug, Orpheus’ Lyre, allows a man-in-the-middle attacker to remotely steal details and gain escalated privileges. The details regarding relevant CVEs and patches can be found in the security blog post.
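
A simplified model of the check described above, added here as an illustration; it is not code from Heimdal or from the researchers. An HMAC tag stands in for the encryption of the KDC response's encrypted portion, and every function name, key and principal in it is constructed for the example.

```python
import hashlib
import hmac
import json

def seal(key, fields):
    """Stand-in for the encrypted reply part: serialized fields plus an HMAC tag."""
    body = json.dumps(fields, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()

def authenticated_fields(key, sealed):
    """Return the sealed fields only if the tag verifies under the client's key."""
    body, tag = sealed
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("encrypted part failed its integrity check")
    return json.loads(body)

def accept_unsafe(reply, key, requested):
    """Flawed pattern: the request is compared with the plaintext Ticket header."""
    authenticated_fields(key, reply["enc_part"])  # verified, then never consulted
    ticket = reply["ticket"]
    return (ticket["realm"], ticket["sname"]) == requested

def accept_checked(reply, key, requested):
    """Corrected pattern: only the authenticated copy is compared with the request."""
    try:
        auth = authenticated_fields(key, reply["enc_part"])
    except ValueError:
        return False
    return (auth["srealm"], auth["sname"]) == requested

# Constructed sample data, not captured traffic.
KEY = b"constructed-client-key"
WANTED = ("EXAMPLE.TEST", "host/files.example.test")

def make_reply(auth_sname, plain_sname):
    """Build a model KDC reply with independent plaintext and authenticated names."""
    return {
        "ticket": {"realm": WANTED[0], "sname": plain_sname},
        "enc_part": seal(KEY, {"srealm": WANTED[0], "sname": auth_sname}),
    }

GOOD = make_reply(WANTED[1], WANTED[1])
# Plaintext header matches the request; the authenticated copy names another service.
MISMATCH = make_reply("host/other.example.test", WANTED[1])

if __name__ == "__main__":
    for label, reply in (("good", GOOD), ("mismatch", MISMATCH)):
        print(label, accept_unsafe(reply, KEY, WANTED), accept_checked(reply, KEY, WANTED))
```

Both functions accept the consistent reply; only the one that reads the authenticated copy rejects the reply whose two copies disagree.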
