Wczm – Tom Tervoort
An privilege escalation vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). The Zerologon vulnerability (CVE-2020-1472) made use of an all-zero IV in the AES-CFB8 implementation used by Microsoft’s Netlogon authentication protocol which allows an attacker to easily spoof credentials. An attacker can use this attack to change any Active Directory password and become Domain Admin.