Samba's domain controller implementation is affected by the Zerologon vulnerability

The developers of the Samba project have warned users that the Zerologon vulnerability recently identified in Windows (CVE-2020-1472) also affects the Samba-based domain controller implementation. The vulnerability is caused by flaws in the MS-NRPC protocol and in the AES-CFB8 cryptographic algorithm, and successful exploitation allows an attacker to gain administrator access on the domain controller.

The essence of the vulnerability is that the MS-NRPC protocol (Netlogon Remote Protocol) allows a fallback to an unencrypted RPC connection when authentication data is exchanged. An attacker can then use a flaw in the AES-CFB8 algorithm to spoof a successful login. On average, about 256 spoofing attempts are needed to log in as administrator. The attack does not require a working account on the domain controller; spoofing attempts can be made with an incorrect password. The NTLM authentication request is forwarded to the domain controller, which returns an access denial, but the attacker can substitute this response, and the attacked system will treat the login as successful.

In Samba, the vulnerability appears only on systems that do not use the "server schannel = yes" setting, which has been the default since Samba 4.8. In particular, systems with the "server schannel = no" and "server schannel = auto" settings can be compromised, because these settings allow the same AES-CFB8 flaws to be used against Samba as against Windows.
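One way to check a domain controller's configuration against the condition described above, as an added example that is not code from the Samba project or from the original article. The function names and the caller-supplied `samba_version` tuple are assumptions; `include` directives are not followed.

```python
import re

# Samba boolean spellings; "auto" is the third value this parameter accepts.
_TRUE = {"yes", "true", "1", "on"}
_FALSE = {"no", "false", "0", "off"}


def _norm(name):
    """smb.conf section and parameter names ignore case and whitespace."""
    return re.sub(r"\s+", "", name).lower()


def server_schannel(conf_text):
    """Return the effective [global] 'server schannel' value, or None if unset."""
    value, section, pending = None, None, ""
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.endswith("\\"):          # backslash continues the line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
            continue
        key, sep, val = line.partition("=")
        if sep and section == "global" and _norm(key) == "serverschannel":
            value = val.strip().lower()  # the last assignment wins
    return value


def audit(conf_text, samba_version):
    """Classify a config as the article does: only 'yes' is safe.

    samba_version is a (major, minor) tuple supplied by the caller (assumption).
    """
    value = server_schannel(conf_text)
    if value is None:
        # Unset: 'yes' is the default only from Samba 4.8 onward.
        return "ok" if samba_version >= (4, 8) else "exposed"
    if value in _TRUE:
        return "ok"
    if value in _FALSE or value == "auto":
        return "exposed"
    return "unknown"
```
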

When the reference exploit prototype prepared for Windows is used, only the ServerAuthenticate3 call works against Samba, and the ServerPasswordSet2 operation fails (the exploit needs to be adapted for Samba). Nothing has been reported about whether the other exploits (1, 2, 3, 4) work. Attacks on systems can be tracked by checking the Samba audit logs for entries that mention ServerAuthenticate3 and ServerPasswordSet.

Source: opennet.ru
