Orpheus' Lyre
Thu, 13 Jul 2017 16:11:58 +0200
Was debugging some #Kerberos error messages in M$ Active Directory this morning. What a nice coincidence to find Orpheus' Lyre website just now.
#^Orpheus' Lyre
#SSO
On Tuesday, 11 July 2017, at 1PM New York time, Microsoft, and various Linux distros and BSDs, released patches for Orpheus' Lyre.
We will be updating this blog post with more details as time passes. This vulnerability is quite serious, and we wish to give users a chance to apply patches before we discuss the full scope of the vulnerability. We urge users to apply and deploy patches forthwith and without delay.
In Greek mythology, Orpheus was a bard who put Cerberus to sleep with his music, and was then able to bypass Hades' guard. This vulnerability defeats Kerberos in a critical way permitting a bypass of mutual authentication. Thus we name it after Orpheus' Lyre much as Kerberos is named after Cerberus.
It's not actually a broken protocol, but it's all too easy to make subtle but disastrous implementation mistakes. Orpheus' Lyre is a serious vulnerability in some implementations of the Kerberos protocol. MIT implemented it correctly, all others failed? Quite interesting.