Ideas (other than just mandatory schannel) for Zerologon CVE-2020-1472

Stefan Metzmacher metze at samba.org
Wed Sep 16 11:29:16 UTC 2020


On 16.09.20 at 07:51, Andrew Bartlett via samba-technical wrote:
> This isn't on the bug
> https://bugzilla.samba.org/show_bug.cgi?id=14497
> because it isn't at that point yet, and isn't a MR as I've not even
> compiled it, but ideas (done with Gary) for mitigation for those who
> must run with schannel are:
> 
> Ensure that the password set via ServerSetPassword2 is of non-zero
> length.
> 
> Check the password does not have zero bytes in it.
> 
> Check that the challenge in ServerAuthenticate3 does not have repeating
> patterns in the first 3 bytes and repeating 0s in the computed
> response.

MS-NRPC has added recently:

7. If none of the first 5 bytes of the client challenge is unique, the server MUST fail session-key negotiation without further processing of the following steps.<70>

I'll add a similar check.

metze
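Added illustration of the two checks discussed in this thread; this is not Samba's code and follows a literal reading of the MS-NRPC rule quoted above (at least one of the first five challenge bytes must occur exactly once) rather than whatever Samba ended up implementing. Function names and sample challenge values are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NETR_CREDENTIAL_LEN 8

/*
 * MS-NRPC step 7, read literally: the first five bytes of the client
 * challenge must contain at least one byte value that appears exactly
 * once among those five. An all-identical challenge (including the
 * all-zero one) has no unique byte and is rejected.
 * Hypothetical helper, not Samba's own netlogon credential code.
 */
bool challenge_has_unique_byte(const uint8_t challenge[NETR_CREDENTIAL_LEN])
{
	unsigned count[256] = {0};
	size_t i;

	for (i = 0; i < 5; i++) {
		count[challenge[i]]++;
	}
	for (i = 0; i < 5; i++) {
		if (count[challenge[i]] == 1) {
			return true;
		}
	}
	return false;
}

/* Second idea from the thread: refuse a computed response that is all zeros. */
bool response_is_all_zero(const uint8_t response[NETR_CREDENTIAL_LEN])
{
	size_t i;

	for (i = 0; i < NETR_CREDENTIAL_LEN; i++) {
		if (response[i] != 0) {
			return false;
		}
	}
	return true;
}

int main(void)
{
	/* Constructed sample values, not captured traffic. */
	const uint8_t zero[NETR_CREDENTIAL_LEN] = {0};
	const uint8_t good[NETR_CREDENTIAL_LEN] = {0x3a, 0x91, 0x3a, 0x07, 0xc4, 0x11, 0x22, 0x33};

	printf("all-zero challenge accepted: %d\n", challenge_has_unique_byte(zero));
	printf("random-looking challenge accepted: %d\n", challenge_has_unique_byte(good));
	return 0;
}
```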
