21-Year-Old Kerberos Vulnerability Dubbed Orpheus’ Lyre – Patches Now Developed for Windows, Mac & Linux Distros

A team of security researchers has discovered a bug in the Kerberos network authentication protocol. It is named Orpheus’ Lyre. The bug enables a man-in-the-middle attack that can lead to the theft of security information. Fixes have been developed in the form of patches.

Kerberos Security Flaw – Man in the Middle Attack

Kerberos is a computer network authentication protocol that enables secure communication by allowing the end computers to prove their identity to each other. Authentication is based on tickets. Kerberos is built on the principle of symmetric key cryptography and requires a trusted third party that verifies all of this.

A team of security researchers has found a bug in the Kerberos authentication protocol. The vulnerability is named Orpheus’ Lyre. Orpheus was a Greek mythological musician who controlled a three-headed hound with the music of his lyre. Kerberos itself was named after Cerberus.

Kerberos Vulnerability Explained in Brief

The Kerberos protocol flaw affects operating systems such as Apple, Windows and Linux systems. The bug is 21 years old and has now been fixed by patches released by the creators of these operating systems.

This bug affects three implementations of Kerberos, including the open source Heimdal implementation of Kerberos V5. The MIT implementation of Kerberos is not affected. Samba and FreeBSD are affected.

Kerberos Protocol Gets Patch in Windows, Linux & Mac

The Kerberos protocol contains plenty of unauthenticated plaintext, which the researchers call a cryptographic sin. They observed that these messages are neither encrypted nor integrity-protected. The protocol has to be made secure despite carrying so much unauthenticated plaintext, so there must be good measures in place to authenticate and authorise a user.

The flaw lies in how the ticket issued in a KDC response is handled: an implementation can end up using a specific piece of unauthenticated plaintext instead of the authenticated copy of the same text. The flaw is removed by properly using the metadata in the encrypted portion of the KDC response. The bug caused the metadata to be taken from the unauthenticated plaintext instead.
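The difference between the flawed check and the fixed one can be shown with a simplified model. This is an added example, not code from Heimdal or from the researchers: the reply layout, the field name `server_name`, the key and the service names are all constructed, and an HMAC stands in for the encrypted portion of the KDC response.

```python
import hashlib
import hmac
import json

REPLY_KEY = b"constructed-demo-key"  # stands in for the client's reply key


def kdc_reply(server_name, key=REPLY_KEY):
    """Toy KDC reply: an unauthenticated header plus a MAC-protected copy."""
    protected = json.dumps({"server_name": server_name}).encode()
    tag = hmac.new(key, protected, hashlib.sha256).hexdigest()
    return {"plain": {"server_name": server_name}, "protected": protected, "tag": tag}


def open_protected(reply, key=REPLY_KEY):
    """Return the authenticated metadata, or raise if the MAC does not verify."""
    expected = hmac.new(key, reply["protected"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, reply["tag"]):
        raise ValueError("protected part failed integrity check")
    return json.loads(reply["protected"])


def accept_unpatched(reply, requested):
    """Flawed check: the protected part verifies, but the plaintext copy is compared."""
    open_protected(reply)
    return reply["plain"]["server_name"] == requested


def accept_patched(reply, requested):
    """Fixed check: only the authenticated copy is compared with the request."""
    return open_protected(reply)["server_name"] == requested


def demo():
    requested = "host/files.example.test"         # constructed service names
    reply = kdc_reply("host/other.example.test")  # ticket is really for another service
    reply["plain"]["server_name"] = requested     # header rewritten in transit
    return accept_unpatched(reply, requested), accept_patched(reply, requested)


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The flawed check accepts the reply because the rewritten header matches the request, while the fixed check rejects it because the authenticated copy names a different service.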

The bug lets an attacker steal information from restricted data stores via a man-in-the-middle attack. More details are available in the CVEs, and the patches can be found in the security blog post.
