CredSSP Encryption Oracle Remediation

Thanks to: https://www.netwoven.com/


INTRODUCTION

A remote code execution vulnerability exists in the Credential Security Support Provider protocol (CredSSP). An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute code on the target system.

CredSSP is an authentication provider which processes authentication requests for other applications; any application which depends on CredSSP for authentication may be vulnerable to this type of attack.

As an example of how an attacker could exploit this vulnerability against Remote Desktop Protocol, the attacker would need to run a specially crafted application and perform a man-in-the-middle attack against a Remote Desktop Protocol session. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The security update addresses the vulnerability by correcting how Credential Security Support Provider protocol (CredSSP) validates requests during the authentication process.

1. SCENARIO



2. RDP SESSION

An update released by Microsoft (KB 4093492) on May 8, 2018, for the Windows 10 operating system changed the default CredSSP setting from Vulnerable to Mitigated.

A full list of the updates and patches for all platforms can be obtained from here.

However, after patching, patched clients were blocked from connecting to unpatched servers over RDP.

This has been reported to cause an error thrown by Windows RDP as below:

3. WORKAROUND


Use the group policy setting changes described below to roll back the setting to the ‘Vulnerable’ state so that RDP access is allowed again.


1. Open the Group Policy Editor by running gpedit.msc


2. Policy path: Computer Configuration -> Administrative Templates -> System -> Credentials Delegation
Run gpedit.msc and expand Administrative Templates
Expand System
Expand Credentials Delegation
Edit Encryption Oracle Remediation
Select Enabled and change Protection Level to Vulnerable
3. Run the command gpupdate /force to apply the group policy settings.
4. Your remote desktop connection will be working fine now.


METHOD 2: Using Registry Editor (regedit.exe)
If you are using the Home edition of Windows, you will not be able to run the gpedit.msc command because this edition does not include the Group Policy Editor. You can, however, enable the Group Policy Editor in this edition using this tutorial.
If you can't use or don't want to use the Group Policy Editor, you can use the Registry Editor for the same task. Just follow these simple steps:
1. Press WIN+R together to open the Run dialog box. Type regedit and press Enter to open the Registry Editor.
2. Now go to the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
3. Create a new key under the System key and name it CredSSP
4. Create another new key under the CredSSP key and name it Parameters
5. Select the Parameters key and, in the right-hand pane, create a new DWORD named AllowEncryptionOracle and set its value to 2
(Screenshot: the AllowEncryptionOracle DWORD in Registry Editor)
Restart your computer for the change to take effect.
You will now be able to use a remote connection between server and client without any issue.
PS: If you want to restore the default settings in future, simply delete the DWORD created in the above steps.
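Both methods above end up writing the same registry value: the "Encryption Oracle Remediation" group policy stores its Protection Level in the AllowEncryptionOracle DWORD under the CredSSP\Parameters key from Method 2. The following PowerShell script is an added example, not code from the original post, that audits the current value, applies the workaround from steps 3 to 5, and removes the override again as described in the PS note. The function names are my own; the value meanings (0 = Force Updated Clients, 1 = Mitigated, 2 = Vulnerable) come from Microsoft's CVE-2018-0886 guidance. Run it in an elevated PowerShell session.

```powershell
# Added example (not from the original post): inspect, set and reset the
# CredSSP "Encryption Oracle Remediation" value that the Group Policy and
# Registry Editor workarounds above write. Requires an elevated session.

$CredSspKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'

# Meaning of the AllowEncryptionOracle values (Microsoft CVE-2018-0886 guidance).
$ProtectionLevels = @{
    0 = 'Force Updated Clients'
    1 = 'Mitigated'
    2 = 'Vulnerable'
}

function Get-CredSspProtectionLevel {
    # Returns the configured level, or reports the patched default when no override exists.
    $item = Get-ItemProperty -Path $CredSspKey -Name 'AllowEncryptionOracle' -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{ Value = $null; Level = 'Not set (patched default: Mitigated)' }
    }
    $value = [int]$item.AllowEncryptionOracle
    [pscustomobject]@{
        Value = $value
        Level = if ($ProtectionLevels.ContainsKey($value)) { $ProtectionLevels[$value] } else { 'Unknown value' }
    }
}

function Set-CredSspProtectionLevel {
    param(
        [Parameter(Mandatory)]
        [ValidateSet(0, 1, 2)]
        [int]$Level
    )
    # Steps 3 and 4 of Method 2: create CredSSP\Parameters if it does not exist yet.
    if (-not (Test-Path $CredSspKey)) {
        New-Item -Path $CredSspKey -Force | Out-Null
    }
    # Step 5: the DWORD itself. 2 (Vulnerable) is the workaround the post describes.
    New-ItemProperty -Path $CredSspKey -Name 'AllowEncryptionOracle' `
        -PropertyType DWord -Value $Level -Force | Out-Null
    Get-CredSspProtectionLevel
}

function Reset-CredSspProtectionLevel {
    # The post's PS note: delete the DWORD to return to the patched default.
    Remove-ItemProperty -Path $CredSspKey -Name 'AllowEncryptionOracle' -ErrorAction SilentlyContinue
    Get-CredSspProtectionLevel
}

# Usage:
#   Get-CredSspProtectionLevel            # audit the current state of this host
#   Set-CredSspProtectionLevel -Level 2   # apply the post's workaround (Vulnerable)
#   Reset-CredSspProtectionLevel          # remove the override once the server is patched
```

Get-CredSspProtectionLevel is the piece worth keeping after the workaround is no longer needed: running it across a fleet (for example through Invoke-Command) shows which hosts still carry the Vulnerable override, which is exactly the state the conclusion below warns about. As with the manual steps, a reboot is needed for a changed value to take effect.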

CONCLUSION

This is only a workaround, and it defeats the purpose of the patch. Make sure future updates are installed as and when Microsoft releases them so that the vulnerability is not left exposed.
