Klaus

Orpheus' Lyre

 Thu, 13 Jul 2017 16:11:58 +0200 
Was debugging some #Kerberos error messages in M$ Active Directory this morning. What a nice coincidence to find Orpheus' Lyre website just now.

#^Orpheus' Lyre

On Tuesday, 11 July 2017, at 1PM New York time, Microsoft, and various Linux distros and BSDs, released patches for Orpheus' Lyre.

We will be updating this blog post with more details as time passes. This vulnerability is quite serious, and we wish to give users a chance to apply patches before we discuss the full scope of the vulnerability. We urge users to apply and deploy patches forthwith and without delay.

In Greek mythology, Orpheus was a bard who put Cerberus to sleep with his music, and was then able to bypass Hades' guard. This vulnerability defeats Kerberos in a critical way permitting a bypass of mutual authentication. Thus we name it after Orpheus' Lyre much as Kerberos is named after Cerberus.


It's not actually a broken protocol, but it's all too easy to make subtle but disastrous implementation mistakes. Orpheus' Lyre is a serious vulnerability in some implementations of the Kerberos protocol.
MIT implemented it correctly, all others failed? Quite interesting. ;-)

#SSO