[Samba] Samba impact of "ZeroLogin" CVE-2020-1472

Andrew Bartlett abartlet at samba.org
Wed Sep 23 04:59:06 UTC 2020

On Tue, 2020-09-22 at 18:43 +0200, Marco Gaiarin via samba wrote:
> Mandi! Andrew Bartlett via samba
>   In chel di` si favelave...
> > If you don't have any trusted domains then the big thing is an
> > attacker
> > being able to remove a member server from the domain, or get
> > session
> > keys (assisting a takeover 'MITM attack' of an existing session).
> So, effectively, on NT domain the attack surface of the bug is
> reduced?

On Samba NT domains, yes.  Real NT domains never implemented the broken
crypto (but I'm sure are a pushover to break into anyway).

> If i've understood well the paper, in AD (but speak only about
> Microsoft AD DC, if again i've understood well) an attacker can
> completely take over the domain, escalating until Administrator's
> credential.


> In NT mode this is not effectively possible?

In short yes.

Andrew Bartlett

Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          

More information about the samba mailing list