Samba domain controller implementation is vulnerable to Zerologon

The Samba project developers have warned users that the recently disclosed Windows Zerologon vulnerability (CVE-2020-1472) also affects the Samba domain controller implementation. The vulnerability stems from flaws in the MS-NRPC protocol and in the way the AES-CFB8 cryptographic mode is used there; if exploited successfully, it lets an attacker obtain administrator access to the domain controller.

The essence of the vulnerability is that the MS-NRPC protocol (Netlogon Remote Protocol) allows a fallback to an RPC connection without encryption when authentication data is exchanged. An attacker can exploit a flaw in the use of AES-CFB8 (a fixed all-zero initialization vector) to spoof a successful login. On average, about 256 spoofing attempts are needed to log in as an administrator. The attack does not require a valid account on the domain controller; the spoofing attempts can be made with an incorrect password. The NTLM authentication request is forwarded to the domain controller, which returns an access denial, but the attacker can forge this response so that the targeted system treats the login as successful.
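The CFB8 property behind the "about 256 attempts" figure, as an added example that is not part of the original article or of Samba's code: in 8-bit cipher feedback mode each plaintext byte is XORed with the first byte of the block cipher applied to a shift register seeded with the IV. With an all-zero IV and all-zero plaintext, the whole ciphertext is zero whenever the first byte of E_k(0^16) is 0x00, which happens for roughly one key in 256. The block cipher below is a SHA-256-based stand-in for AES (an assumption made so the example runs with the standard library only); CFB uses only the forward direction of the cipher, so the mode-level behaviour shown does not depend on that substitution.

```python
"""Added example (not Samba's or Microsoft's code): CFB8 with an all-zero IV.
The block-cipher core is a keyed SHA-256 stand-in for AES-128 (assumption)."""
import hashlib

BLOCK = 16  # AES block size in bytes; the stand-in keeps the same width


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for the forward AES block function (assumption: a keyed PRF
    truncated to 16 bytes is enough, because CFB never decrypts a block)."""
    assert len(block) == BLOCK
    return hashlib.sha256(key + block).digest()[:BLOCK]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Generic 8-bit CFB: XOR each plaintext byte with the first byte of
    E_k(register), then shift the resulting ciphertext byte into the register."""
    register = bytearray(iv)
    out = bytearray()
    for p in plaintext:
        keystream_byte = block_encrypt(key, bytes(register))[0]
        c = p ^ keystream_byte
        out.append(c)
        register = register[1:] + bytes([c])
    return bytes(out)


def zerologon_condition(key: bytes) -> bool:
    """True when E_k(0^16) starts with 0x00.  Then, under a zero IV, a zero
    plaintext byte gives a zero ciphertext byte, the register shifts in a
    zero and stays all-zero, and every following byte is zero as well."""
    return block_encrypt(key, bytes(BLOCK))[0] == 0


def zero_ciphertext_rate(trials: int) -> float:
    """Fraction of deterministic trial keys for which 8 zero plaintext bytes
    under a zero IV encrypt to 8 zero bytes; expected value is about 1/256."""
    hits = 0
    for i in range(trials):
        key = hashlib.sha256(b"trial-key-%d" % i).digest()[:16]
        if cfb8_encrypt(key, bytes(BLOCK), bytes(8)) == bytes(8):
            hits += 1
    return hits / trials


if __name__ == "__main__":
    print("rate of all-zero ciphertexts:", zero_ciphertext_rate(20000))
    print("expected 1/256 =", 1 / 256)
```

The same reasoning is why a random IV removes the problem: the attacker can no longer pick a register state that stays fixed, so the all-zero guess no longer succeeds with a key-independent 1/256 probability per attempt.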

In Samba, the vulnerability only affects systems that do not use the setting "server schannel = yes", which has been the default since Samba 4.8. In particular, systems configured with "server schannel = no" or "server schannel = auto" can be attacked, since those settings let Samba accept the same weak AES-CFB8 usage as Windows.

With the reference exploit written for Windows, only the ServerAuthenticate3 call works against Samba, while the ServerPasswordSet2 operation fails (the exploit would need to be adapted for Samba). Nothing has been reported about whether the alternative exploits (1, 2, 3, 4) work. Attacks on a system can be tracked by checking the Samba audit logs for entries mentioning ServerAuthenticate3 and ServerPasswordSet.
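A small audit helper covering the two practical points above (the "server schannel" setting and the log entries to look for), as an added example that is not part of the Samba project: it reads the effective "server schannel" value from an smb.conf, and it scans log lines for ServerAuthenticate3 bursts from one client, which is what a ~256-attempt guessing run looks like, noting whether the same client went on to call ServerPasswordSet or ServerPasswordSet2. The smb.conf excerpts and log lines are constructed for the example; real Samba log wording depends on log level and version, so the scanner keys only on the call names and a client address.

```python
"""Added example (not Samba's own tooling): check 'server schannel' in an
smb.conf and scan log lines for Zerologon-style Netlogon activity."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed smb.conf excerpts: the affected setting beside the safe one.
SMB_CONF_WEAK = """
[global]
    workgroup = EXAMPLE
    realm = EXAMPLE.TEST
    server role = active directory domain controller
    server schannel = auto
"""
SMB_CONF_FIXED = SMB_CONF_WEAK.replace("server schannel = auto",
                                       "server schannel = yes")


def server_schannel_setting(smb_conf: str) -> str:
    """Effective 'server schannel' value from [global]; an absent parameter
    means the built-in default, which is 'yes' since Samba 4.8."""
    section, value = None, "yes"
    for raw in smb_conf.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"\[(.+)\]$", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            key, val = (s.strip() for s in line.split("=", 1))
            if key.lower().replace(" ", "") == "serverschannel":
                value = val.lower()
    return value


def schannel_is_vulnerable(smb_conf: str) -> bool:
    """Only 'yes' rejects unencrypted Netlogon; 'no', 'auto' (and Samba's
    other spellings of 'no') leave the fallback open."""
    return server_schannel_setting(smb_conf) in ("no", "false", "0", "auto")


# Constructed log format (assumption): Samba-style timestamp, call name,
# client address.  Only the call name and address are relied on.
CALL_RE = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})[^\]]*\].*?"
    r"netr_(?P<call>ServerAuthenticate3|ServerPasswordSet2?)\b.*?"
    r"from (?P<client>[\d.]+)")


def scan_netlogon_log(lines, window_seconds=60, threshold=50):
    """Flag clients whose ServerAuthenticate3 count inside any sliding window
    of `window_seconds` reaches `threshold`; record if they also called
    ServerPasswordSet/ServerPasswordSet2 (the password-reset step)."""
    auth_times, pwset_clients = defaultdict(list), set()
    for line in lines:
        m = CALL_RE.search(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S")
        if m.group("call") == "ServerAuthenticate3":
            auth_times[m.group("client")].append(ts)
        else:
            pwset_clients.add(m.group("client"))
    findings = {}
    for client, times in auth_times.items():
        times.sort()
        best = start = 0
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            findings[client] = {"max_auth3_in_window": best,
                                "password_set_seen": client in pwset_clients}
    return findings


def constructed_log():
    """Constructed sample, not real Samba output: 300 rapid ServerAuthenticate3
    failures from one host, then a ServerPasswordSet2 from the same host, plus
    a few routine calls from another machine account."""
    base = datetime(2020, 9, 18, 10, 2, 0)
    fmt = "[{t:%Y/%m/%d %H:%M:%S.%f},  3] netlogon: netr_{call} from {ip} for {acct}"
    lines = [fmt.format(t=base + timedelta(milliseconds=100 * i),
                        call="ServerAuthenticate3", ip="192.0.2.10", acct="DC01$")
             for i in range(300)]
    lines.append(fmt.format(t=base + timedelta(seconds=31),
                            call="ServerPasswordSet2", ip="192.0.2.10", acct="DC01$"))
    lines += [fmt.format(t=base + timedelta(minutes=i),
                         call="ServerAuthenticate3", ip="192.0.2.20", acct="WS01$")
              for i in range(3)]
    return lines


if __name__ == "__main__":
    print("weak conf vulnerable:", schannel_is_vulnerable(SMB_CONF_WEAK))
    print("fixed conf vulnerable:", schannel_is_vulnerable(SMB_CONF_FIXED))
    print(scan_netlogon_log(constructed_log()))
```

The threshold of 50 calls per minute is a starting point, not a tuned value; on a domain controller with many machine accounts, legitimate ServerAuthenticate3 traffic is spread across clients and arrives far more slowly than a brute-force run from one address.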

Source: opennet.ru
