An authentication bypass bug in several implementations of the Kerberos cryptographic authentication protocol has been fixed in patches from Microsoft, Samba, Fedora, FreeBSD, and Debian.
The discoverers of the long-standing Kerberos bypass bug have called it Orpheus' Lyre, after Orpheus, who in Greek myth lulled the guard dog Cerberus to sleep with his lyre. Kerberos, itself named after Cerberus, is a cryptographic authentication protocol implemented in products such as Microsoft's Active Directory. Microsoft fixed the bug in its latest update.
Samba, Debian, and FreeBSD are affected through the open-source Heimdal implementation of Kerberos 5; Heimdal versions before 7.4 are vulnerable. Apple's Kerberos implementation in macOS, which is derived from Heimdal, also appears to be vulnerable to Orpheus' Lyre.
According to the researchers, Orpheus' Lyre lets a man-in-the-middle attacker impersonate services to a client, and from there remotely steal credentials, escalate privileges and defeat the protection Kerberos encryption is supposed to provide. The Kerberos protocol relies on a trusted third party, the key distribution center (KDC).
The KDC issues short-lived tickets that authenticate a client to a specific service. A ticket's encrypted portion, readable only by that service, contains the name of the intended user, some metadata, and a session key. The KDC also hands the client its own copy of the session key, in a part of the reply encrypted under a key the client holds, and the client uses that session key to build an Authenticator.
Kerberos's "original cryptographic sin", as the researchers put it, was the abundance of unauthenticated plaintext in the protocol. The KDC's reply, for instance, carries the service's name twice: in the plaintext header of the ticket and again inside the part encrypted for the client, and only the second copy is authenticated. Kerberos can be secure, but an implementation has to take every security-relevant field from the authenticated copy rather than the plaintext one, and that is easy to get wrong. Orpheus' Lyre is exactly that mistake: the vulnerable clients took the service name from the unauthenticated plaintext ticket instead of from the encrypted part of the reply.
The researchers haven't detailed every way of exploiting Orpheus' Lyre, but an attacker sitting between a client and a server can impersonate some services to the client. Because the flaw lies in how the client validates the KDC's reply, it is closed by patching end-user systems rather than servers.
Normally the protocol's guarantee runs as follows: if the client presents a Ticket and an Authenticator, and the service can decrypt the Ticket with its own key, extract the session key, and decrypt the Authenticator with that session key, then the client must have possessed the session key used to make that Authenticator. That guarantee only helps if the client is really presenting its Ticket and Authenticator to the service it thinks it is talking to, which is precisely what Orpheus' Lyre undermines.
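To make the mistake concrete, here is a toy reconstruction of the client-side check, added here and not taken from Heimdal, Samba or Microsoft: a constructed KDC reply carrying the service name both in the plaintext Ticket and in the part encrypted for the client, an active attacker that has the KDC issue a ticket for a host it controls and then relabels the plaintext copy, and the pre-fix and post-fix client checks side by side. The encryption is a made-up SHA-256 keystream plus HMAC toy standing in for Kerberos enctypes, and the realm, principal names, keys and timestamp are all invented for the example.

```python
"""Toy reconstruction of the Orpheus' Lyre client-side check (CVE-2017-11103 in
Heimdal).  Added example, not Heimdal's, Samba's or Microsoft's code: the
'encryption' is a constructed SHA-256-keystream + HMAC toy standing in for
Kerberos enctypes, and every name and key below is made up."""
import hashlib
import hmac
import json
import secrets


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def seal(key: bytes, obj: dict) -> dict:
    """Encrypt-then-MAC a dict (toy stand-in for Kerberos EncryptedData)."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return {"nonce": nonce, "ct": ct, "tag": hmac.new(key, nonce + ct, hashlib.sha256).digest()}


def unseal(key: bytes, box: dict) -> dict:
    """Check the tag, then decrypt; raises ValueError on a wrong key or tampering."""
    tag = hmac.new(key, box["nonce"] + box["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, box["tag"]):
        raise ValueError("integrity check failed")
    ks = _keystream(key, box["nonce"], len(box["ct"]))
    return json.loads(bytes(a ^ b for a, b in zip(box["ct"], ks)))


# Constructed realm: the key the KDC shares with the client (a password-derived
# key for an AS-REP, or the TGT session key for a TGS-REP) and two service keys.
CLIENT_KEY = hashlib.sha256(b"alice-password").digest()
TARGET = "host/fileserver.example.com"          # the service the client wants
EVIL = "host/attacker.example.com"              # a host the attacker controls
SERVICE_KEYS = {TARGET: secrets.token_bytes(32), EVIL: secrets.token_bytes(32)}


def kdc_reply(cname: str, sname: str) -> dict:
    """KDC-REP: a Ticket whose sname is in the clear and whose body is sealed with
    the service key, plus an enc-part sealed for the client that repeats the sname."""
    key = secrets.token_bytes(32).hex()
    return {
        "ticket": {"sname": sname,                 # unauthenticated plaintext
                   "enc_part": seal(SERVICE_KEYS[sname], {"cname": cname, "key": key})},
        "enc_part": seal(CLIENT_KEY, {"sname": sname, "key": key}),  # authenticated copy
    }


def mitm_reply(cname: str) -> dict:
    """Man in the middle: the request's sname is plaintext too, so the attacker has
    the KDC issue a ticket for its own host, then relabels the plaintext Ticket."""
    reply = kdc_reply(cname, EVIL)
    reply["ticket"]["sname"] = TARGET              # nothing authenticates this field
    return reply


def vulnerable_client(reply: dict, requested: str) -> str:
    """Pre-fix behaviour (Heimdal < 7.4): the name is taken from the plaintext
    Ticket, so the relabelled reply passes as a ticket for the requested service."""
    unseal(CLIENT_KEY, reply["enc_part"])           # decrypts fine: it was never touched
    if reply["ticket"]["sname"] != requested:       # compares the forgeable copy
        raise ValueError("ticket is for the wrong service")
    return reply["ticket"]["sname"]


def fixed_client(reply: dict, requested: str) -> str:
    """Post-fix behaviour: use the sname from the authenticated enc-part and require
    it to match what the client asked for."""
    enc = unseal(CLIENT_KEY, reply["enc_part"])
    if enc["sname"] != requested:
        raise ValueError(f"KDC-REP names {enc['sname']}, not {requested}")
    return enc["sname"]


def client_authenticator(reply: dict, cname: str) -> dict:
    """The client builds its Authenticator with the session key from the enc-part."""
    key = bytes.fromhex(unseal(CLIENT_KEY, reply["enc_part"])["key"])
    return seal(key, {"cname": cname, "ctime": 1499900000})   # constructed timestamp


def attacker_reads_authenticator(reply: dict, auth: dict) -> dict:
    """Because the Ticket was really issued to EVIL, the attacker opens it with its
    own key, recovers the session key and decrypts the Authenticator exactly as the
    genuine service would; from here it can impersonate TARGET to the client."""
    session_key = bytes.fromhex(unseal(SERVICE_KEYS[EVIL], reply["ticket"]["enc_part"])["key"])
    return unseal(session_key, auth)
```

Running `vulnerable_client(mitm_reply("alice@EXAMPLE.COM"), TARGET)` returns the file server's name even though the ticket was issued to the attacker's host, while `fixed_client` on the same reply raises because the authenticated copy of the name says otherwise; on an honest `kdc_reply` both clients accept. The only change between the two client functions is which copy of the service name is trusted, which is why the real fix is a client-side patch.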