MNBSD-2017-0: Heimdal KDC-REP service name validation allows service impersonation

Severity: Unknown

Affected Package: heimdal

Summary: Heimdal KDC-REP service name validation allows service impersonation

Description

The Heimdal Kerberos implementation obtained the service-principal name from the unencrypted portion of the KDC-REP message instead of the encrypted enc_part, violating the Kerberos 5 protocol (the 'Orpheus' Lyre' attack). A man-in-the-middle attacker could impersonate a trusted service and intercept user credentials. Fixed by importing the Heimdal 7.4 correction from FreeBSD.

Affected Versions

heimdal

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2017-11103

Published: August 08, 2017
Last Modified: August 08, 2017