Zerologon – hacking Windows servers with a bunch of zeros
As you can probably tell from the name, it involves Windows - everyone else talks about logging in, but on Windows you've always very definitely logged on - and it is an authentication bypass, because it lets you get away with using a zero-length password.
On a Windows network, the secret component is the domain password of the computer you're connecting from.
A buffer of 516 bytes that specifies the new password, formatted as (512-N) bytes of random data, followed by N bytes specifying the password, followed by the password length N expressed as a 4-byte number.
Of course, the 516 all-zero bytes that the researchers now needed to supply in the encrypted password buffer forced them to specify a password length of zero, which you might think would be disallowed by the server.
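The buffer layout described above, as an added example that is not code from the original article or from Microsoft: a parser for the decrypted 516-byte buffer showing why an all-zero buffer decodes to an empty password. The function names, the little-endian length field and the strict zero-length check are assumptions made for illustration.

```python
import os
import struct

BUF_LEN = 516                      # total buffer size given in the text
LEN_FIELD = 4                      # trailing 4-byte password length
DATA_LEN = BUF_LEN - LEN_FIELD     # 512 bytes: random padding + password


def build_buffer(password: bytes) -> bytes:
    """Lay out a password as: random padding, N password bytes, 4-byte N."""
    n = len(password)
    if n > DATA_LEN:
        raise ValueError("password does not fit in the buffer")
    padding = os.urandom(DATA_LEN - n)
    # Little-endian length is an assumption of this example.
    return padding + password + struct.pack("<I", n)


def parse_buffer(buf: bytes) -> bytes:
    """Permissive parse: return the N password bytes, whatever N is."""
    if len(buf) != BUF_LEN:
        raise ValueError("buffer must be exactly 516 bytes")
    (n,) = struct.unpack("<I", buf[-LEN_FIELD:])
    if n > DATA_LEN:
        raise ValueError("length field exceeds the data area")
    # The password sits immediately before the length field.
    return buf[DATA_LEN - n:DATA_LEN]


def parse_buffer_strict(buf: bytes) -> bytes:
    """Hypothetical hardened parse: refuse a zero-length password."""
    password = parse_buffer(buf)
    if not password:
        raise ValueError("zero-length password rejected")
    return password


if __name__ == "__main__":
    sample = build_buffer(b"Constructed-Sample-Pw")   # constructed input
    print(parse_buffer(sample))
    print(repr(parse_buffer(bytes(BUF_LEN))))         # all zeros: N == 0
```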
Happily - or perhaps slightly less unhappily - the password change that they were able to make didn't reset the server's actual login password, so the researchers couldn't simply log in directly and take over the server via a conventional Windows desktop.
News URL
https://nakedsecurity.sophos.com/2020/09/17/zerologon-hacking-windows-servers-with-a-bunch-of-zeros/