OS makers plug decades-old critical Kerberos crypto bug

A bug in the implementations of a cryptographic protocol left popular operating systems vulnerable to authentication bypass for 21 years, researchers have discovered.

The protocol, Kerberos, is used in Microsoft Windows, Apple OS X/macOS, Linux distributions and the UNIX-like BSD operating systems, as well as the open source Samba file sharing application.

Attackers who have a man in the middle network position can exploit the vulnerability in several ways, including remote credential theft and privilege escalation.

Researchers Jeffrey Altman, Nicolas Williams, and Viktor Dukhovni discovered the vulnerability while investigating another bug in the Heimdal open source implementation of Kerberos.

They named it Orpheus Lyre, the bard in Greek mythology who made the three-headed watchdog to Hades, Cerberus or Kerberos, fall asleep with his music in order to bypass the creature.

Kerberos has been around since the middle of the 1980s, and is widely used in applications such as Microsoft's Active Directory. 

In Windows, Kerberos replaced the Microsoft and IBM-developed NT LAN Manager (NTLM) protocol as the default for authentication.

The protocol uses key distribution centres that issue short-lived tickets for authentication. The bug caused unauthenticated plaintext metadata to be used, which in turn could be exploited for service impersonation attacks, the researchers found.

While the vulnerability is not in the original Kerberos protocol, it was introduced by later implementations and has existed for 21 years, they found.

The researchers speculated it stemmed from a premature optimisation effort that wasn't discovered until now, as it didn't cause the Kerberos implementations to fail.

Microsoft patched the vulnerability in this week's set of monthly security updates. FreeBSD, Samba, Debian and Fedora Linux have also issued patches for the vulnerability.