ZEROLOGON Vulnerability




ZeroLogon is a vulnerability which exits within the netlogon protocol.


What is netlogon ?


Netlogon service is a Authentication Mechanism used in the Windows Client Authentication Architecture which verifies logon requests, and it registers, authenticates, and locates Domain Controllers.

For more info visit


This vulnerability is exploitable due to flaw that is present with the encryption implimentation of AES-CFB8 (which is used for netlogon protocol encryption)


Sending a string of zeros to the netlogon triggers the vulnerability. By doing so the attacker can do privilege escalation and gain the admin privileges.

This can provide the attacker with :

-Access to the entire domain

-Further exploitation

-Network disruption

-Data exfiltration


In August 2020 Microsoft has provided a security update regarding this vulnerability which you can find here


You can use the ZeroLogon Tester Script to test your network for this vulnerability.

You can find the scipt here : https://github.com/SecuraBV/CVE-2020-1472


Secura has also released a whitepaper which you can find here


Hope this post was informational.

Until next post Stay tuned

9 views

People Do Crazy Stuff and We are one of them.

Thinkers and doers, from the field of Cybersecurity, Ethical Hacking, Python, Dark Net and Forensics, getting inspired from people from the same as well as different field of knowledge.

  • 800px-Telegram_2019_Logo.svg
  • Twitter
  • Instagram
  • Facebook

© 2020 by Bluefire Redteam LLP