A vulnerability was found in several independently developed implementations of Kerberos which caused that metadata were taken from the unauthenticated plaintext (the Ticket) rather than the authenticated and encrypted KDC response. Proposed patch: https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea
External References: https://www.orpheus-lyre.info/
Statement: This issue does not affect the version of MIT Kerberos implementation as shipped with Red Hat Enterprise Linux. This issue also does not affect the version of Samba as shipped with Red Hat Enterprise Linux.
Created heimdal tracking bugs for this issue: Affects: fedora-all [bug 1469998]