search for: serverpasswordset2

...annel = auto are NOT secure and we expect can result in full domain compromise, particularly for AD domains. Some public exploit tests, such as https://github.com/SecuraBV/CVE-2020-1472/blob/master/zerologon_tester.py only confirm that a ServerAuthenticate3 call operates, but not that the ServerPasswordSet2 call required to exploit the domain also operates. We are well aware of administrator concern and are looking to provide patches that provide mitigation here, to make the ServerAuthenticate3 call also fail. We, like Microsoft, suggest that 'server schannel = yes' must be set for se...

...annel = auto are NOT secure and we expect can result in full domain compromise, particularly for AD domains. Some public exploit tests, such as https://github.com/SecuraBV/CVE-2020-1472/blob/master/zerologon_tester.py only confirm that a ServerAuthenticate3 call operates, but not that the ServerPasswordSet2 call required to exploit the domain also operates. We are well aware of administrator concern and are looking to provide patches that provide mitigation here, to make the ServerAuthenticate3 call also fail. We, like Microsoft, suggest that 'server schannel = yes' must be set for se...

Hi, I saw https://blog.rapid7.com/2020/09/14/cve-2020-1472-zerologon-critical-privilege-escalation/ and https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472 today and I am wondering what impact if any this has on samba AD domains in particular and samba in general? Is samba using the "vulnerable Netlogon secure channel connection"? Will samba continue to