NewsSecurity

Zerologon Problem Threatens Certain Qnap NAS

Photo of Daniel Zimmermann Daniel ZimmermannOctober 23, 2020
0 78 1 minute read

Qnap representatives warned that the Zerologon vulnerability (CVE-2020-1472), patched by Microsoft as part of the August “update Tuesday”. And Zerologon Problem threatens some QNAP NAS models.

Let me remind you that many information security specialists called Zerologon the most dangerous mistake of the current year, and experts from the US Department of Homeland Security gave the federal agencies only three days to urgently fix the bug, otherwise they threatened to disconnect from federal networks.

The Zerologon vulnerability relies on a weak cryptographic algorithm used in the Netlogon authentication process. The problem was named Zerologon, since the attack is carried out by adding zeros to certain Netlogon authentication parameters. As a result, the bug allows an attacker to manipulate authentication, namely:

  • impersonate any computer on the network during authentication with a domain controller;
  • disable security mechanisms during Netlogon authentication;
  • change the computer password in the Active Directory domain controller.

Now Qnap experts report that NAS may be vulnerable to this problem if the user has configured the device as a domain controller (Control Panel -> Network & File Services -> Win/Mac/NFS -> Microsoft Networking).

Although NAS is not typically used as a Windows domain controller, sometimes organizations can use this feature to allow administrators to use some NAS models for user account management, authentication, and domain security. This is not common, but still occurs.

“As a result, the vulnerability allows a remote attacker to bypass security measures through a compromised device with QTS on board”, – say Qnap experts.

Qnap developers strongly recommend that users update the QTS operating system on their NAS as well as all installed applications. According to Qnap, QTS 2.x and QES are not affected by CVE-2020-1472 and the issue has already been fixed in the following versions of QTS:

  • QTS 4.5.1.1456 build 20201015 and newer;
  • QTS 4.4.3.1439 build 20200925 and newer;
  • QTS 4.3.6.1446 build 20200929 and newer;
  • QTS 4.3.4.1463 build 20201006 and newer;
  • QTS 4.3.3.1432 build 20201006 and newer.

Let me remind you that after the bug just appeared, we wrote that the Zerologon problem allows capturing Windows servers on corporate networks.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Tags
Photo of Daniel Zimmermann Daniel ZimmermannOctober 23, 2020
0 78 1 minute read
Photo of Daniel Zimmermann

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Sunburst backdoor with Kazuar malware

Security experts linked Sunburst backdoor with the Kazuar malware

January 12, 2021
Smart Home

Security researchers from North Carolina found out, that “smart home” is easy to fool

May 8, 2019
Rapid7 source code leaked

Rapid7 source code leaked due to Codecov hack

May 14, 2021
Apple bribery of police officers

Apple security chief accused of attempted bribery of police officers

November 26, 2020

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© Copyright 2024, All Rights Reserved  | Adware.Guru;
Back to top button