Netlogon (Zerologon) Vulnerability (CVE-2020-1472): “An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), a.k.a. Netlogon Elevation of Privilege Vulnerability.”
The vulnerability stems from a flaw in a cryptographic authentication method used by the Netlogon Remote Protocol (MS-NRPC). MS-NRPC is a Windows Server process that authenticates users and other services within a domain, using the Advanced Encryption Standard (AES) in Cipher Feedback (CFB) mode as its encryption scheme. MS-NRPC reuses a static, all-zero initialization vector (IV) in AES-CFB8 mode. This improper use of a static IV is what weakens the whole AES scheme and causes the vulnerability; in a properly implemented AES-CFB8 scheme, IVs must be random rather than static. As a result of this weakness, an unauthenticated attacker can impersonate a domain-joined computer, including a domain controller, and potentially obtain domain administrator privileges.
The attack is realized by choosing a client challenge, and with it a credential, of all zeros (hence the name Zerologon). This gives an attacker a 1 in 256 chance of successfully authenticating as any domain-joined computer using an empty password.
More on the Netlogon (CVE-2020-1472) Vulnerability
A minor oversight in the implementation of a highly secure encryption algorithm can undermine all the intended security and leave systems exposed to attackers. This is what caused the Netlogon (Zerologon) vulnerability.
In a proper implementation of AES-CFB8 encryption (128-bit), 16-byte blocks of data are processed to produce the same amount of encrypted data. For this purpose, a 16-byte Initialisation Vector (IV) is first prepended to the message. In the next step, AES is applied to the first 16 bytes of data. Then, the first byte of the encrypted output is XORed with the first byte of the plaintext message, which yields 1 byte of ciphertext. Shifting the window right by 1 byte at a time, the step is repeated until the whole message is encrypted. This is illustrated in Figure 1.
According to the AES-CFB8 specification, the IV value must be unique and randomly generated. However, in the MS-NRPC implementation this IV is fixed: 16 bytes of 0's. Because of this violation of the AES-CFB8 requirement, when the plaintext is all 0's too, the output is all 0's with a probability of 1 in 256. That figure is the chance that, for a given key, the first byte of the AES output for the all-zero block is 0: when it is, the first ciphertext byte is 0, the shift register stays all zeros, and every subsequent step produces the same result. Figure 2 depicts this faulty implementation of AES-CFB8 encryption.
To sum up, when a client challenge of all 0's is chosen, in 1 of 256 attempts on average an attacker will successfully authenticate as any domain-joined computer by providing an empty password.
For a quick overview of CVE-2020-1472, you could also watch the video content provided by Secura below.
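The following Go program is an added example (not Secura's or Microsoft's code) that reproduces the weakness described above: AES-CFB8 with the fixed all-zero IV applied to an all-zero 8-byte challenge, and a count of how many keys collapse the credential to all zeros. The trial keys are constructed from a counter purely so the run is reproducible; the Netlogon session key would of course be derived from the machine account secret.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"fmt"
)

// cfb8Encrypt implements AES-CFB8 as the text describes it: a 16-byte shift
// register starts as the IV; for each plaintext byte the register is encrypted,
// the first keystream byte is XORed with the plaintext byte, and the resulting
// ciphertext byte is shifted into the register.
func cfb8Encrypt(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	reg := make([]byte, aes.BlockSize)
	copy(reg, iv)
	ks := make([]byte, aes.BlockSize)
	out := make([]byte, len(plaintext))
	for i, p := range plaintext {
		block.Encrypt(ks, reg)
		out[i] = p ^ ks[0]
		copy(reg, reg[1:]) // shift left by one byte ...
		reg[aes.BlockSize-1] = out[i] // ... and feed the ciphertext byte back in
	}
	return out, nil
}

// zeroCredential encrypts an all-zero 8-byte client challenge under sessionKey
// with the fixed all-zero IV used by MS-NRPC.
func zeroCredential(sessionKey []byte) ([]byte, error) {
	return cfb8Encrypt(sessionKey, make([]byte, aes.BlockSize), make([]byte, 8))
}

// firstKeystreamByte is the first byte of AES(key, 0^16): the credential collapses
// to all zeros exactly when this byte is 0.
func firstKeystreamByte(key []byte) byte {
	block, _ := aes.NewCipher(key)
	ks := make([]byte, aes.BlockSize)
	block.Encrypt(ks, make([]byte, aes.BlockSize))
	return ks[0]
}

func allZero(b []byte) bool {
	for _, x := range b {
		if x != 0 {
			return false
		}
	}
	return true
}

// keyFromCounter derives a distinct 16-byte trial key from n (constructed, not random).
func keyFromCounter(n uint64) []byte {
	k := make([]byte, aes.BlockSize)
	binary.LittleEndian.PutUint64(k, n)
	binary.LittleEndian.PutUint64(k[8:], ^n)
	return k
}

// countZeroCredentials returns how many of the first `trials` keys yield an all-zero credential.
func countZeroCredentials(trials uint64) int {
	hits := 0
	for n := uint64(0); n < trials; n++ {
		c, _ := zeroCredential(keyFromCounter(n))
		if allZero(c) {
			hits++
		}
	}
	return hits
}

func main() {
	trials := uint64(1 << 16)
	hits := countZeroCredentials(trials)
	fmt.Printf("%d of %d keys gave an all-zero credential (expected about %d)\n", hits, trials, trials/256)
}
```

Running it shows roughly 1 key in 256 accepting the all-zero credential, which is why the server-side rate, not the attacker's knowledge of the key, bounds the attack.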
An unauthenticated attacker with network access to a domain controller can impersonate any domain-joined computer, including a domain controller.
Category: Elevation of Privilege
CVSS 3.1 Base Score: 10.0 Critical
CVSS 3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
To defend against attacks exploiting the Netlogon (Zerologon) vulnerability (CVE-2020-1472), domain controllers need to be updated. Please refer to Microsoft's advisory and/or use the test tool published by Secura to detect whether your domain controller is vulnerable. Note that Microsoft's fix was rolled out in phases, so confirm that your domain controllers are enforcing secure RPC for Netlogon rather than only that the update is installed.
"There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files." (Bruce Schneier)
References to Advisories, Solutions and Tools
- Microsoft Advisory
- A Blog Post from Secura
- A White Paper from Secura
- Zerologon Testing Script from Secura