It was revealed this week that Microsoft patched a major vulnerability last month. The problem…
The Zerologon vulnerability relies on a weak cryptographic algorithm used in the Netlogon authentication process. The problem was named Zerologon, since the attack is carried out by adding zeros to certain Netlogon authentication parameters. As a result, the bug allows an attacker to manipulate authentication, namely:
Now Qnap experts report that NAS may be vulnerable to this problem if the user has configured the device as a domain controller (Control Panel -> Network & File Services -> Win/Mac/NFS -> Microsoft Networking).
Although NAS is not typically used as a Windows domain controller, sometimes organizations can use this feature to allow administrators to use some NAS models for user account management, authentication, and domain security. This is not common, but still occurs.
“As a result, the vulnerability allows a remote attacker to bypass security measures through a compromised device with QTS on board”, – say Qnap experts.
Qnap developers strongly recommend that users update the QTS operating system on their NAS as well as all installed applications. According to Qnap, QTS 2.x and QES are not affected by CVE-2020-1472 and the issue has already been fixed in the following versions of QTS:
Let me remind you that after the bug just appeared, we wrote that the Zerologon problem allows capturing Windows servers on corporate networks.
News-xbuhoxu.store is a domain that tries to force you into subscribing to its browser notifications…
News-xbadeyo.today is a site that tries to force you into clik to its browser notifications…
News-bbutohu.info is a site that tries to trick you into clik to its browser notifications…
News-bbucoxe.today is a domain that tries to force you into clik to its browser notifications…
News-xdetake.cc is a domain that tries to force you into clik to its browser notifications…
News-bbufiya.today is a domain that tries to force you into subscribing to its browser notifications…