Nicolas Williams

**Name of the Vulnerable Software and Affected Versions** Heimdal versions prior to 7.4 **Description** The issue is related to the ` krb5 extract ticket()` function, which obtains service-principal names in a way that violates the Kerberos 5 protocol specification. This allows remote attackers to impersonate services with Orpheus' Lyre attacks. The problem arises because the function uses the unencrypted version of the service name stored in `ticket` instead of the encrypted version stored in `enc part`. This provides an opportunity for successful server impersonation and other attacks. **Recommendations** For Heimdal versions prior to 7.4, update to version 7.4 or later to resolve the issue. As a temporary workaround, consider modifying the ` krb5 extract ticket()` function to obtain the KDC-REP service name from the encrypted version stored in `enc part` instead of the unencrypted version stored in `ticket`. Restrict access to sensitive data and services until the update is applied to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to the fixed version **Description** A security-feature bypass issue allows attackers to affect the system. This issue is related to Kerberos failing to prevent tampering with the SNAME field during ticket exchange. **Recommendations** For Microsoft Windows versions prior to the fixed version, update to a version that includes the fix for this issue to prevent attackers from bypassing Extended Protection for Authentication. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MIT Kerberos 5 versions prior to 1.14 **Description** The issue allows remote attackers to cause a denial of service, resulting in an incorrect pointer read and process crash. This is achieved by sending a crafted SPNEGO packet that is mishandled during a gss inquire context call. **Recommendations** For versions prior to 1.14, update to version 1.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the gss inquire context call to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MIT Kerberos 5 (krb5) versions prior to 1.14 **Description** The issue allows remote attackers to cause a denial of service, resulting in an incorrect pointer read and process crash. This occurs when a crafted IAKERB packet is mishandled during a gss inquire context call, due to reliance on an inappropriate context handle. **Recommendations** For versions prior to 1.14, update to version 1.14 or later to resolve the issue.