Pwnie Awards 2017

2020 Nomination for Best Cryptographic Attack

Zerologon

Tom Tervoort

The Zerologon vulnerability (CVE-2020-1472) made use of an all-zero IV in the AES-CFB8 implementation used by Microsoft’s Netlogon authentication protocol allows an attacker to easily spoof credentials. An attacker can use this attack to change any Active Directory password and become Domain Admin.

CVE-2020-1472