Your Web News in One Place

Help Webnuz

Referal links:

Sign up for GreenGeeks web hosting
September 16, 2020 03:30 am

Zerologon Attack Lets Hackers Take Over Enterprise Networks Within 3 Seconds

An anonymous reader writes: Researchers have developed and published a proof-of-concept exploit for a recently patched Windows vulnerability that can allow access to an organization's crown jewels -- the Active Directory domain controllers that act as an all-powerful gatekeeper for all machines connected to a network. CVE-2020-1472, as the vulnerability is tracked, carries a critical severity rating from Microsoft as well as a maximum of 10 under the Common Vulnerability Scoring System. Exploits require that an attacker already have a foothold inside a targeted network, either as an unprivileged insider or through the compromise of a connected device. However, when this condition is met, it's literally game over for the attacked company, as an attacker can hijack its entire network within three seconds by leveraging a bug in the Netlogon authentication protocol cryptography by adding zero characters in certain Netlogon authentication parameters, bypassing authentication procedures and then changing the password for the DC server itself. The technical report from Secura B.V., a Dutch security firm, is available here.

Read more of this story at Slashdot.


Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/Rfk-0XjW5gw/zerologon-attack-lets-hackers-take-over-enterprise-networks-within-3-seconds

Share this article:    Share on Facebook
View Full Article

Slashdot

Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..

More About this Source Visit Slashdot