Credential Theft Flaw Found in Most Kerberos Implementations

Microsoft, FreeBSD and several Linux distributions have released security updates to fix a serious Kerberos vulnerability that could allow man-in-the-middle attackers to impersonate servers and potentially steal credentials.
The flaw was found by developers Jeffrey Altman, Nicolas Williams and Viktor Dukhovni in Heimdal, an open-source implementation of the Kerberos 5 network authentication protocol.
The three developers were analyzing a bug with a Heimdal feature that had been created by Williams and Dukhovni for their company when they uncovered a much more serious problem in Kerberos’ mutual authentication process. Upon further investigation, they determined that other Kerberos implementations, including the ones in Windows and macOS, were also affected.
What these independently developed implementations had in common was that during the authentication process, the service name they used was taken from a piece of unencrypted and unauthenticated data called the Ticket instead of extracting it from the encrypted metadata in the KDC (Key Distribution Center) response.
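The following Python model, added here and not code from Heimdal, Microsoft or any other Kerberos implementation, contrasts the flawed client pattern just described with the corrected one. It assumes a constructed reply structure with a plaintext Ticket service name beside a sealed enc-part, and uses an HMAC under the client's key as a stand-in for Kerberos encryption and integrity protection; the names and key are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

TAG_LEN = 32  # length of the SHA-256 HMAC tag used as the stand-in integrity check


def _seal(key: bytes, body: bytes) -> bytes:
    """Stand-in for Kerberos encryption of the KDC reply's enc-part: the body is
    bound to the client's key with an HMAC so that tampering is detectable."""
    return body + hmac.new(key, body, hashlib.sha256).digest()


def _unseal(key: bytes, sealed: bytes) -> bytes:
    body, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("enc-part integrity check failed")
    return body


@dataclass(frozen=True)
class KdcReply:
    ticket_sname: str   # from the Ticket: plaintext and not authenticated to the client
    enc_part: bytes     # encrypted metadata that only the client (and KDC) can open


def kdc_reply(client_key: bytes, sname: str) -> KdcReply:
    """Constructed honest KDC reply: both copies of the service name agree."""
    return KdcReply(ticket_sname=sname, enc_part=_seal(client_key, sname.encode()))


def vulnerable_service_name(client_key: bytes, reply: KdcReply) -> str:
    """The flawed pattern the article describes: the enc-part is decrypted, but the
    service name is taken from the unauthenticated Ticket field."""
    _unseal(client_key, reply.enc_part)  # decrypted, yet the name inside is ignored
    return reply.ticket_sname


def fixed_service_name(client_key: bytes, reply: KdcReply) -> str:
    """Corrected pattern: the service name comes from the authenticated enc-part."""
    return _unseal(client_key, reply.enc_part).decode()


def names_consistent(client_key: bytes, reply: KdcReply) -> bool:
    """Defensive check: a Ticket name that disagrees with the enc-part name is a sign
    of on-path modification and worth logging."""
    return reply.ticket_sname == fixed_service_name(client_key, reply)


if __name__ == "__main__":
    key = b"constructed-client-session-key"
    honest = kdc_reply(key, "host/real.example.com")
    # Constructed on-path modification: only the plaintext Ticket field is altered;
    # the sealed enc-part cannot be changed without the client's key.
    modified = KdcReply(ticket_sname="host/other.example.com", enc_part=honest.enc_part)
    print(vulnerable_service_name(key, modified))  # host/other.example.com
    print(fixed_service_name(key, modified))       # host/real.example.com
    print(names_consistent(key, modified))         # False
```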
According to the three developers, this oversight “allows an attacker who is on-path (physically or logically) between the client and the services it talks to (including the KDCs) to mount a service impersonation attack on the client.”
The vulnerability “can be exploited in a number of ways, and in some cases it can lead to remote credential theft, and thus remote privilege escalation, largely defeating Kerberos,” they said on a website dedicated to the vulnerability.
The flaw has been present in Heimdal since 1996 and in Microsoft’s Kerberos implementation since it was first introduced in Windows 2000. One of the reasons why it has remained undiscovered for so long is that it didn’t cause the affected implementations to fail in any way and it didn’t break interoperability between them, the developers said.
It’s worth noting that the problem is not in the protocol specification itself. As a result, not all implementations are affected. For example, the Kerberos 5 implementation maintained by the Massachusetts Institute of Technology, which originally developed the protocol, is not vulnerable.
Altman, Williams and Dukhovni have dubbed the vulnerability Orpheus’ Lyre after the bard from Greek mythology who put Hades’ guard dog Cerberus to sleep with his music. They warn that there are more twists about the flaw, but they will hold back the details for a few days to give users time to patch.
Microsoft fixed the vulnerability as part of its monthly security updates for Windows released Tuesday. FreeBSD also released patches, and updated Heimdal packages should soon be distributed by various Linux distributions, including Debian.
Updated packages have also been released for Samba because all versions of Samba from 4.0.0 include an embedded copy of Heimdal.
“Note that this vulnerability is a client-side vulnerability,” the three developers said. “You must patch all affected clients. You cannot patch servers to mitigate or defeat this vulnerability.”