Pwnie Awards 2017

2020 Nomination for Best Privilege Escalation Bug

Zerologon

Wczm - Tom Tervoort

An privilege escalation vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). The Zerologon vulnerability (CVE-2020-1472) made use of an all-zero IV in the AES-CFB8 implementation used by Microsoft’s Netlogon authentication protocol which allows an attacker to easily spoof credentials. An attacker can use this attack to change any Active Directory password and become Domain Admin.

SA44601 - 2020-10: Security Bulletin