2020 Sep 16
2
Samba impact of "ZeroLogin" CVE-2020-1472
...annel = auto
are NOT secure and we expect can result in full domain compromise,
particularly for AD domains.
Some public exploit tests, such as
https://github.com/SecuraBV/CVE-2020-1472/blob/master/zerologon_tester.py
only confirm that a ServerAuthenticate3 call operates, but not that the
ServerPasswordSet2 call required to exploit the domain also operates.
We are well aware of administrator concern and are looking to provide
patches that provide mitigation here, to make the ServerAuthenticate3
call also fail.
We, like Microsoft, suggest that 'server schannel = yes' must be set for
s...