News

Zerologon Problem Threatens Certain Qnap NAS

Qnap representatives warned that the Zerologon vulnerability (CVE-2020-1472), patched by Microsoft as part of the August “update Tuesday”. And Zerologon Problem threatens some QNAP NAS models.

Let me remind you that many information security specialists called Zerologon the most dangerous mistake of the current year, and experts from the US Department of Homeland Security gave the federal agencies only three days to urgently fix the bug, otherwise they threatened to disconnect from federal networks.

The Zerologon vulnerability relies on a weak cryptographic algorithm used in the Netlogon authentication process. The problem was named Zerologon, since the attack is carried out by adding zeros to certain Netlogon authentication parameters. As a result, the bug allows an attacker to manipulate authentication, namely:

  • impersonate any computer on the network during authentication with a domain controller;
  • disable security mechanisms during Netlogon authentication;
  • change the computer password in the Active Directory domain controller.

Now Qnap experts report that NAS may be vulnerable to this problem if the user has configured the device as a domain controller (Control Panel -> Network & File Services -> Win/Mac/NFS -> Microsoft Networking).

Although NAS is not typically used as a Windows domain controller, sometimes organizations can use this feature to allow administrators to use some NAS models for user account management, authentication, and domain security. This is not common, but still occurs.

“As a result, the vulnerability allows a remote attacker to bypass security measures through a compromised device with QTS on board”, – say Qnap experts.

Qnap developers strongly recommend that users update the QTS operating system on their NAS as well as all installed applications. According to Qnap, QTS 2.x and QES are not affected by CVE-2020-1472 and the issue has already been fixed in the following versions of QTS:

  • QTS 4.5.1.1456 build 20201015 and newer;
  • QTS 4.4.3.1439 build 20200925 and newer;
  • QTS 4.3.6.1446 build 20200929 and newer;
  • QTS 4.3.4.1463 build 20201006 and newer;
  • QTS 4.3.3.1432 build 20201006 and newer.

Let me remind you that after the bug just appeared, we wrote that the Zerologon problem allows capturing Windows servers on corporate networks.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove Weaxor Virus (.rox Files Ransomware)

Weaxor Virus Ransomware Weaxor mean a ransomware-type infection. Weaxor was elaborated particularly to encrypt all…

3 hours ago

Remove Adblockelite.xyz pop-up ads (Virus Removal Guide)

Adblockelite.xyz is a site that tries to trick you into subscribing to its browser notifications…

10 hours ago

Remove Appcloud-center pop-up ads (Virus Removal Guide)

Appcloud-center.com is a site that tries to trick you into subscribing to its browser notifications…

10 hours ago

Remove Groopheetex pop-up ads (Virus Removal Guide)

Groopheetex.com is a site that tries to force you into clik to its browser notifications…

10 hours ago

Remove Vidstreambox pop-up ads (Virus Removal Guide)

Vidstreambox.com is a domain that tries to force you into clik to its browser notifications…

10 hours ago

Remove Mac-uptodate pop-up ads (Virus Removal Guide)

Mac-uptodate.com is a domain that tries to trick you into clik to its browser notifications…

10 hours ago