Ideas (other than just mandatory schannel) for ZeroLogin CVE-2020-1472
metze at samba.org
Wed Sep 16 11:29:16 UTC 2020
On 16.09.20 at 07:51, Andrew Bartlett via samba-technical wrote:
> This isn't on the bug
> because it isn't at that point yet, and isn't a MR as I've not even
> compiled it, but ideas (done with Gary) for mitigation for those who
> must run with schannel are:
> Ensure that the password set via ServerSetPassword2 is of non-zero
> Check the password does not have zero bytes in it.
> Check that the challenge in ServerAuthenticate3 does not have repeating
> patterns in the first 3 bytes and repeating 0s in the computed
MS-NRPC has added recently:
7. If none of the first 5 bytes of the client challenge is unique, the server MUST fail session-key negotiation without further processing of the following steps.<70>
I'll add a similar check.
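The check quoted from MS-NRPC above, as an added example that is not part of the original post and is not Samba's code. The function names are hypothetical; the block compares the literal reading of the rule (no byte value occurs exactly once among the first five bytes) with a narrower reading that rejects only five identical bytes, using constructed sample challenges.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CHALLENGE_LEN 8   /* a Netlogon client challenge is 8 bytes */
#define CHECKED_PREFIX 5  /* the quoted rule looks at the first 5 bytes */

/* Literal reading (assumption): a byte is "unique" if its value occurs
 * exactly once among the first five. Returns false when no such byte
 * exists, i.e. when the server must fail session-key negotiation. */
bool challenge_has_unique_byte(const uint8_t c[CHALLENGE_LEN])
{
	for (size_t i = 0; i < CHECKED_PREFIX; i++) {
		bool dup = false;
		for (size_t j = 0; j < CHECKED_PREFIX; j++) {
			if (j != i && c[j] == c[i])
				dup = true;
		}
		if (!dup)
			return true;
	}
	return false;
}

/* Narrower reading (assumption): reject only five identical bytes. */
bool challenge_prefix_not_constant(const uint8_t c[CHALLENGE_LEN])
{
	for (size_t i = 1; i < CHECKED_PREFIX; i++) {
		if (c[i] != c[0])
			return true;
	}
	return false;
}

int main(void)
{
	/* Constructed sample challenges, not captured traffic. */
	const uint8_t samples[3][CHALLENGE_LEN] = {
		{0},                                              /* all zero */
		{1, 1, 2, 2, 1, 9, 8, 7},                         /* paired values */
		{0x3c, 0x91, 0x3c, 0x07, 0xe2, 0x55, 0x10, 0xaa}, /* mixed */
	};
	for (size_t i = 0; i < 3; i++) {
		printf("sample %zu: literal=%d narrow=%d\n", i,
		       challenge_has_unique_byte(samples[i]),
		       challenge_prefix_not_constant(samples[i]));
	}
	return 0;
}
```

The second sample is the case where the two readings disagree: its first five bytes are not all equal, yet none of them is unique.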