
20-year-old Orpheus’ Lyre vulnerability in Kerberos fixed this week

A 20-year-old vulnerability in Kerberos, dubbed Orpheus’ Lyre, was patched this week in both Microsoft’s implementation and in Linux distros.


The vulnerability, dubbed Orpheus’ Lyre, was found three months ago by Jeffrey Altman, founder of AuriStor, and by Viktor Dukhovni and Nicolas Williams of Two Sigma Investments. The issue

The flaw, tracked as CVE-2017-11103, was found in Heimdal, an open-source implementation of Kerberos. The name alludes to the mythological Orpheus, who played his lyre with such grace that it lulled Cerberus to sleep; in the same way, this issue can be exploited to bypass Kerberos authentication.

The issue could result in remote privilege escalation and credential theft; an attacker could exploit it to gain access to the target network.

“The original cryptographic sin of Kerberos is an abundance of unauthenticated plaintext in the protocol. That is, portions of Kerberos messages are neither encrypted nor integrity-protected in some direct cryptographic manner. In some cases that sin is likely born of premature optimization — the mother of many bugs. Kerberos can be secure despite this surfeit of unauthenticated plaintext, but it requires extreme care by implementors to get every detail right so as to authenticate said plaintext,” reads the description of the Orpheus’ Lyre vulnerability. “Orpheus’ Lyre happened because of one instance of unauthenticated plaintext, and the ease with which the specific plaintext could accidentally be used instead of an authenticated copy of the same text. The unauthenticated plaintext issue at hand is this: the Ticket issued in KDC responses.”

The flaw is related to the way Kerberos implementations handle the responses from the key distribution center (KDC). The experts discovered that flawed implementations read metadata, such as the service principal name, from the unencrypted Ticket carried in the KDC response rather than from the encrypted part of the same response. The client cannot verify the Ticket, because it is encrypted under the service’s key, so anything taken from its plaintext fields is attacker-controllable.

“The attacker needs to be on the network and to have control over a service principal that the client could communicate with,” Altman told The Register. “As far as we know there are no exploits in the wild. But it certainly is exploitable and we consider it to be very serious.”

“Given how broadly Kerberos has been deployed over the last almost 30 years, it clearly is in a wide ecosystem with a lot of different vendors,” Altman added.

The Orpheus’ Lyre bug affects multiple Kerberos 5 implementations, including Microsoft’s and Heimdal, maintained by the KTH Royal Institute of Technology in Sweden.

Altman recommends reviewing every Kerberos implementation in use: not every vendor can be expected to have fixed the vulnerability, and in some cases the vendor has gone out of business.

Altman explained that the flaw could have been prevented by removing the unencrypted fields, forcing the use of the encrypted ones when the authentication request is composed.

“In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in ‘enc_part’ instead of the unencrypted version stored in ‘ticket’. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks,” wrote Altman.
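To make the two copies of the service name concrete, here is an added Python model of a KDC-REP and of the client-side extraction before and after the fix described above. It is not Heimdal’s code and not the researchers’ code: the Kerberos enctypes are replaced by a toy XOR-plus-HMAC construction, the message layout is a stripped-down dict, and every key and name (the client key, the attacker’s service key, host/attacker.example.com, krbtgt/EXAMPLE.COM) is constructed for the example.

```python
"""Model of the Orpheus' Lyre client-side bug (CVE-2017-11103).

Added example, not Heimdal's code. A KDC-REP carries the service name
twice: in the plaintext Ticket, which the client cannot verify because
the Ticket is sealed under the *service's* key, and inside enc_part,
which is sealed under a key the *client* holds. The toy seal()/unseal()
below stands in for the Kerberos enctypes; all keys and names are
constructed for this example.
"""
import hashlib
import hmac
import json


def _keystream(key: bytes, length: int) -> bytes:
    """Deterministic SHA-256 counter keystream (toy; not a real enctype)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + b"enc" + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, fields: dict) -> dict:
    """Toy authenticated encryption: XOR with keystream, then HMAC the ciphertext."""
    pt = json.dumps(fields, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, len(pt))))
    tag = hmac.new(key + b"mac", ct, hashlib.sha256).digest()
    return {"cipher": ct.hex(), "tag": tag.hex()}


def unseal(key: bytes, blob: dict) -> dict:
    """Verify the tag, then decrypt. Raises if the blob was modified."""
    ct = bytes.fromhex(blob["cipher"])
    tag = hmac.new(key + b"mac", ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, bytes.fromhex(blob["tag"])):
        raise ValueError("integrity check failed")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))
    return json.loads(pt)


def kdc_rep(client_key: bytes, service_key: bytes, sname: str, session_key: bytes) -> dict:
    """Honest KDC response: the two copies of sname agree."""
    inner = {"sname": sname, "key": session_key.hex()}
    ticket = {"sname": sname, "enc_part": seal(service_key, inner)}
    return {"ticket": ticket, "enc_part": seal(client_key, inner)}


def tamper(rep: dict, attacker_service_key: bytes, forged_sname: str) -> tuple:
    """On-path attacker who controls the service principal the ticket is for.

    The attacker opens the Ticket with the service key it owns (learning the
    session key), re-seals it behind a forged plaintext sname, and forwards
    the response. enc_part is left alone: without the client key it cannot
    be altered undetected. Returns (forged_response, stolen_session_key_hex).
    """
    inner = unseal(attacker_service_key, rep["ticket"]["enc_part"])
    forged_ticket = {"sname": forged_sname, "enc_part": seal(attacker_service_key, inner)}
    return {"ticket": forged_ticket, "enc_part": rep["enc_part"]}, inner["key"]


def extract_ticket_vulnerable(client_key: bytes, rep: dict) -> dict:
    """Pre-fix behaviour: the service name is read from the unauthenticated Ticket."""
    creds = unseal(client_key, rep["enc_part"])
    return {"sname": rep["ticket"]["sname"], "key": creds["key"]}


def extract_ticket_fixed(client_key: bytes, rep: dict) -> dict:
    """Post-fix behaviour: the service name comes from enc_part only.

    The mismatch check is an extra safeguard added in this example; the
    quoted patch note only says to stop using the plaintext copy.
    """
    creds = unseal(client_key, rep["enc_part"])
    if rep["ticket"]["sname"] != creds["sname"]:
        raise ValueError("Ticket sname %r disagrees with enc_part %r: response tampered"
                         % (rep["ticket"]["sname"], creds["sname"]))
    return {"sname": creds["sname"], "key": creds["key"]}


# Constructed keys and names for the demonstration.
CLIENT_KEY = hashlib.sha256(b"constructed client long-term key").digest()
ATTACKER_SERVICE_KEY = hashlib.sha256(b"constructed attacker service key").digest()
SESSION_KEY = hashlib.sha256(b"constructed session key").digest()[:16]
ATTACKER_SNAME = "host/attacker.example.com"
FORGED_SNAME = "krbtgt/EXAMPLE.COM"


def demo() -> tuple:
    """Honest response for the attacker's own service, its forged copy, and the stolen key."""
    honest = kdc_rep(CLIENT_KEY, ATTACKER_SERVICE_KEY, ATTACKER_SNAME, SESSION_KEY)
    forged, stolen = tamper(honest, ATTACKER_SERVICE_KEY, FORGED_SNAME)
    return honest, forged, stolen


if __name__ == "__main__":
    honest, forged, stolen = demo()
    print("vulnerable client files the forged ticket as:",
          extract_ticket_vulnerable(CLIENT_KEY, forged)["sname"])
    try:
        extract_ticket_fixed(CLIENT_KEY, forged)
    except ValueError as err:
        print("fixed client rejects it:", err)
```

The attacker in `tamper()` holds the key of the service principal the ticket was legitimately issued for, which is exactly the precondition Altman describes: it can open the Ticket, learn the session key, and re-seal it behind any plaintext name it likes, but it cannot touch `enc_part`, which is sealed under the client’s key. The pre-fix extractor files the credential under the forged name (here a TGT name, although the key inside is shared with the attacker), while the fixed one takes the name from `enc_part` and, as an extra check beyond the quoted patch note, rejects the response when the two copies disagree.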

“The fact that this has been around for as long as it has been in open source, I think, is just one more case that should debunk the theory that open source programming is in some way more secure than closed source programming.”

The expert pointed out that if IT giants like Microsoft failed to identify the problem, other companies missed it too, and the same holds for the entire open-source community.

Altman has no doubt that this kind of issue will continue to plague the open-source community, because developers are often not compensated for their contributions.

“We will never be reimbursed for the cost to our lives and the lost time to our companies for having done this favor to the world,” Altman concluded. “As a society, we need to understand what the costs of this work are.”


Pierluigi Paganini 

(Security Affairs – Kerberos, Orpheus’ Lyre)
