January 28th, 2021 12:00

CVE-2020-1472/Zerologon and Impacted OneFS Versions

Hi all,

I was able to find article 180891 stating that all OneFS versions v8.1 and above would not be impacted by Zerologon. Are any versions earlier than v8.1 impacted? If so, is there any workaround besides upgrading OneFS to v8.1 or later?

Thanks in advance.

Moderator

January 29th, 2021 11:00

Hello jchellis

Here is an additional link that has some more information about CVE-2020-1472. It may be affected in earlier versions of OneFS prior to 8.1, but I am not able to confirm with any documentation.

https://dell.to/3ahTXRw

January 29th, 2021 14:00

Thanks for the extra info. I ended up setting up a OneFS v7.2.1 simulator in a test environment and tied it to a test Active Directory. After some logins, I found the 7.2.1 simulator was authenticating using Kerberos and not NTLM, and therefore should NOT be impacted.

Additionally, I also followed the detection strategy outlined by Microsoft:

https://support.microsoft.com/en-us/topic/how-to-manage-the-changes-in-netlogon-secure-channel-connections-associated-with-cve-2020-1472-f7e8cc17-0309-1d6a-304e-5ba73cd1a11e#bkmk_detectingnon_compliant

For OneFS v7.2.1, no 5829 events were detected on my test domain controller after establishing some logins through the AD (all auth'd using Kerberos). As I don't have access to older OneFS simulators, I could not test versions older than that.
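
An added example, not part of the original posts: one way to run the event check described above, counting the Netlogon secure-channel events tied to CVE-2020-1472 (5829 plus the related 5827, 5828, 5830 and 5831) in each domain controller's System log. The domain controller name and the look-back window are placeholder assumptions.

```powershell
# Added example: summarize CVE-2020-1472 Netlogon events per domain controller.
param(
    [string[]]$DomainControllers = @('dc01.example.test'),  # placeholder name (assumption)
    [int]$Days = 7                                           # look-back window (assumption)
)

# Event IDs written to the System log by patched domain controllers
$eventMeaning = @{
    5827 = 'Denied: vulnerable connection from a machine account'
    5828 = 'Denied: vulnerable connection from a trust account'
    5829 = 'Allowed: vulnerable connection (initial deployment phase)'
    5830 = 'Allowed by group policy: machine account'
    5831 = 'Allowed by group policy: trust account'
}
$ids = 5827..5831

$filter = @{
    LogName   = 'System'
    Id        = $ids
    StartTime = (Get-Date).AddDays(-$Days)
}

foreach ($dc in $DomainControllers) {
    try {
        $events = Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction Stop
    }
    catch {
        # Get-WinEvent raises an error, not an empty result, when nothing matches
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $events = @() }
        else { Write-Warning "$dc : $($_.Exception.Message)"; continue }
    }

    # Keep only events from the NETLOGON source
    $events = @($events | Where-Object ProviderName -eq 'NETLOGON')

    foreach ($id in $ids) {
        $hits = @($events | Where-Object Id -eq $id)
        [pscustomobject]@{
            DomainController = $dc
            EventId          = $id
            Meaning          = $eventMeaning[$id]
            Count            = $hits.Count   # 0 is reported explicitly
            Latest           = ($hits | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated
        }
    }
}
```

A zero count only covers the chosen window and the listed domain controllers, so the device under test must have connected to one of them during that period for the result to mean anything.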
