Netlogon Weak Cryptographic Authentication

Disclosed
N/A
Created
Sep 23, 2020

Description

A vulnerability exists within the Netlogon authentication process where the security properties granted by AES
are lost due to an implementation flaw related to the use of a static initialization vector (IV). An attacker
can leverage this flaw to target an Active Directory Domain Controller and make repeated authentication attempts
using NULL (all-zero) data fields, which succeed on average once in every 256 tries (~0.4%). This module leverages
the vulnerability to reset the machine account password to an empty string, which then allows the attacker to
authenticate as the machine account. After exploitation, it is important to restore this password to its original
value; failing to do so can result in service instability.
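Why a static IV turns AES-CFB8 into a 1-in-256 guess is easiest to see by running the construction. The block below is an added illustration, not code from the module or its authors; it models the Netlogon credential computation (CFB8 over a 16-byte shift register, one output byte per step) and uses a SHA-256-based keyed function as a constructed stand-in for AES-128 so that it runs with the standard library only. The function names, the random session keys and the trial counts are all assumptions made for this example.

```python
import hashlib
import random
from typing import Callable

BLOCK = 16          # AES block size in bytes
CREDENTIAL_LEN = 8  # Netlogon challenge/credential length in bytes


def model_block_cipher(key: bytes, block: bytes) -> bytes:
    # Constructed stand-in for AES-128 so the example needs no third-party
    # library; the argument below only needs a keyed pseudo-random function.
    return hashlib.sha256(key + block).digest()[:BLOCK]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes,
                 block_cipher: Callable[[bytes, bytes], bytes] = model_block_cipher) -> bytes:
    """CFB8: encrypt the shift register, XOR its first byte with one plaintext
    byte, then shift the resulting ciphertext byte into the register."""
    register = iv
    out = bytearray()
    for p in plaintext:
        keystream_byte = block_cipher(key, register)[0]
        c = p ^ keystream_byte
        out.append(c)
        register = register[1:] + bytes([c])
    return bytes(out)


def _random_bytes(rng: random.Random, n: int) -> bytes:
    return rng.getrandbits(8 * n).to_bytes(n, "big")


def zero_credential_rate(trials: int, static_iv: bool, seed: int = 1) -> float:
    """Fraction of random session keys for which an all-zero challenge yields an
    all-zero credential, with a static zero IV or an unpredictable IV."""
    rng = random.Random(seed)
    challenge = bytes(CREDENTIAL_LEN)
    hits = 0
    for _ in range(trials):
        key = _random_bytes(rng, BLOCK)
        iv = bytes(BLOCK) if static_iv else _random_bytes(rng, BLOCK)
        if cfb8_encrypt(key, iv, challenge) == challenge:
            hits += 1
    return hits / trials


def first_byte_predicts_outcome(trials: int, seed: int = 2) -> bool:
    """With a zero IV and zero plaintext the outcome is decided by one byte:
    if E(K, 0^16)[0] == 0 the register shifts in a zero and never changes, so
    every subsequent byte is zero too; otherwise the first byte is non-zero."""
    rng = random.Random(seed)
    zero_iv = bytes(BLOCK)
    zero_cred = bytes(CREDENTIAL_LEN)
    for _ in range(trials):
        key = _random_bytes(rng, BLOCK)
        predicted = model_block_cipher(key, zero_iv)[0] == 0
        actual = cfb8_encrypt(key, zero_iv, zero_cred) == zero_cred
        if predicted != actual:
            return False
    return True


if __name__ == "__main__":
    print(f"static zero IV:   {zero_credential_rate(20000, static_iv=True):.4%}")
    print(f"unpredictable IV: {zero_credential_rate(20000, static_iv=False):.4%}")
    print("first keystream byte decides the outcome:", first_byte_predicts_outcome(3000))
```

Run directly, the static-IV rate comes out near 0.39% while the unpredictable-IV rate is zero over the same number of keys: with a fresh IV each byte of the credential is an independent 1-in-256 event, so guessing all eight is a 2^-64 event. The stand-in cipher does not affect this conclusion, because the 1-in-256 figure follows from the zero register reproducing itself, not from any property of AES. For a defender the takeaway is that rate limiting alone does not close the hole; a burst of Netlogon authentication attempts from one source against a domain controller is the observable symptom, and the patched server must prevent a client-chosen challenge from driving the register into that self-reproducing state.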

Authors

Tom Tervoort
Spencer McIntyre
Dirk-jan Mollema

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use auxiliary/admin/dcerpc/cve_2020_1472_zerologon
msf auxiliary(cve_2020_1472_zerologon) > show actions
...actions...
msf auxiliary(cve_2020_1472_zerologon) > set ACTION < action-name >
msf auxiliary(cve_2020_1472_zerologon) > show options
...show and set options...
msf auxiliary(cve_2020_1472_zerologon) > run
