[Samba] Samba impact of "ZeroLogin" CVE-2020-1472

Andrew Bartlett abartlet at samba.org
Fri Sep 18 18:42:16 UTC 2020

On Fri, 2020-09-18 at 15:39 +0200, Marco Gaiarin via samba wrote:
> Mandi! Karolin Seeger via samba
>   In chel di` si favelave...
> > (Both as classic/NT4-style and active direcory DC.)
> I've searched some info on impact of this bug on NT domains, finding
> nothing on the net.
> OK, NT domain are dead, i know, but... i seek some feedback.

On real NT4 domains?  

The particular crypto here was a Windows 2000 thing.  

NT4 used 2DES and RC4, which was actually secure for the purpose it was
used for.

On Samba NT4-like domains, see the advisory and read
source3/rpc_server/netlogon/srv_netlogon_nt.c for context.  

If you don't have any trusted domains then the big thing is an attacker
being able to remove a member server from the domain, or get session
keys (assisting a takeover 'MITM attack' of an existing session).

Just set 'server schannel = yes' and you will be fine, but better to
already be running a supported version where this is already the

Andrew Bartlett
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          

More information about the samba mailing list