PT-2017-4076 · Heimdal+5
Jeffrey Altman
+2
·
Published
2017-07-12
·
Updated
2024-06-15
·
CVE-2017-11103
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Heimdal versions prior to 7.4
Description
The issue lies in the krb5_extract_ticket() function, which obtains the service-principal name in a way that violates the Kerberos 5 protocol specification. This allows remote attackers to impersonate services with Orpheus' Lyre attacks. The problem arises because the function uses the unencrypted service name stored in the ticket field of the KDC-REP instead of the encrypted copy stored in enc_part. The ticket body is encrypted for the service, so its outer service name is plaintext to anyone on the network path, whereas enc_part is encrypted under a key the attacker does not hold. This provides an opportunity for successful server impersonation and other attacks.
Recommendations
For Heimdal versions prior to 7.4, update to version 7.4 or later to resolve the issue. As a temporary workaround, consider modifying the krb5_extract_ticket() function to obtain the KDC-REP service name from the encrypted version stored in enc_part instead of the unencrypted version stored in ticket. Restrict access to sensitive data and services until the update is applied to minimize the risk of exploitation.
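To make the defect concrete, here is a simplified model of the KDC-REP handling in C, added as an example and not Heimdal's own code: the kdc_rep struct, its field names, the two extract functions and the comparison against the requested service name are assumptions of this model, and enc-part is represented as already decrypted with the client's key.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model of a KDC-REP; field names are assumptions, not Heimdal's
 * types. ticket_sname is the plaintext sname of the Ticket field: the ticket
 * body is sealed for the service, so this outer name is not protected on the
 * wire. enc_sname is the sname carried inside enc-part, which is encrypted for
 * the client; it is modelled here as already decrypted and integrity-checked. */
struct kdc_rep {
    const char *ticket_sname;
    const char *enc_sname;
};

/* Pre-7.4 behaviour of krb5_extract_ticket(): trust the plaintext name.
 * Returns the name the client will believe its new ticket is for. */
const char *extract_sname_vulnerable(const struct kdc_rep *rep) {
    return rep->ticket_sname;
}

/* Corrected behaviour: take the name only from the encrypted part, and
 * refuse the reply if it does not name the service the client requested
 * (the comparison is part of this model). Returns the protected name, or
 * NULL when the reply must be rejected. */
const char *extract_sname_fixed(const struct kdc_rep *rep,
                                const char *requested) {
    if (rep->enc_sname == NULL || strcmp(rep->enc_sname, requested) != 0)
        return NULL;
    return rep->enc_sname;
}

/* Constructed replies. In TAMPERED the on-wire Ticket sname was altered in
 * transit while the sealed enc-part still names the requested service. */
const struct kdc_rep GENUINE = {
    .ticket_sname = "host/server.example.com",
    .enc_sname    = "host/server.example.com",
};
const struct kdc_rep TAMPERED = {
    .ticket_sname = "host/other.example.com",   /* plaintext, alterable */
    .enc_sname    = "host/server.example.com",  /* protected copy */
};

int main(void) {
    /* The vulnerable path reports the altered name; the fixed path reports
     * only the protected name and rejects a reply naming another service. */
    const char *seen = extract_sname_vulnerable(&TAMPERED);
    const char *safe = extract_sname_fixed(&TAMPERED, "host/server.example.com");
    return (safe != NULL && strcmp(seen, safe) != 0) ? 0 : 1;
}
```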
Weakness Enumeration
Insufficient Verification of Data Authenticity
Related identifiers
Affected products
Alt Linux
FreeBSD
Heimdal
Samba
SUSE
Ubuntu