
Versions Affected: All versions prior to SCALE 22.02-RC.1-2


Description

A man-in-the-middle attack can force the client-side SMB1 code to fall back to plaintext or NTLM-based authentication even if Kerberos authentication was requested by the user or application.

An attacker can downgrade a negotiated SMB1 client connection and its capabilities. Kerberos authentication is only possible with the SMB2/3 protocol, or with SMB1 using the NT1 dialect and the extended security (SPNEGO) capability. Without mandatory SMB signing, the protocol can be downgraded to an older insecure dialect such as CORE, COREPLUS/CORE+, LANMAN1 or LANMAN2. Even if SMB signing is required, it’s still possible to downgrade to the NT1 dialect if extended security (SPNEGO) is not negotiated.
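The conditions above can be turned into a review of what clients actually negotiated. The following is an added example, not code from TrueNAS or Samba: the `Session` record, its field names, the `SMB2`/`SMB3` labels and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

# Dialects the advisory lists as older and insecure (CORE+ is COREPLUS).
LEGACY = {"CORE", "COREPLUS", "CORE+", "LANMAN1", "LANMAN2"}
MODERN = {"SMB2", "SMB3"}  # labels chosen for this example

@dataclass
class Session:               # hypothetical record, e.g. built from client logs
    host: str
    dialect: str             # dialect selected during negotiation
    extended_security: bool  # extended security (SPNEGO) was negotiated
    signing_required: bool   # client was configured to require SMB signing
    kerberos_requested: bool

def kerberos_possible(s: Session) -> bool:
    """Kerberos needs SMB2/3, or SMB1 NT1 with extended security."""
    d = s.dialect.upper()
    return d in MODERN or (d == "NT1" and s.extended_security)

def assess(s: Session) -> str:
    """Classify one session against the downgrade conditions in the advisory."""
    if not s.kerberos_requested or kerberos_possible(s):
        return "ok"
    d = s.dialect.upper()
    if d == "NT1":
        # This outcome is reachable even when SMB signing is required.
        return "downgraded: NT1 without extended security"
    if d in LEGACY:
        if s.signing_required:
            return "inconsistent: legacy dialect despite required signing"
        return "downgraded: legacy dialect " + d
    return "unknown dialect " + d

def review(sessions):
    """Return (host, finding) for every session that is not 'ok'."""
    return [(s.host, f) for s in sessions if (f := assess(s)) != "ok"]

# Constructed sample data, not taken from a real capture.
SAMPLE = [
    Session("nas-a", "SMB3", True, True, True),
    Session("nas-b", "NT1", True, True, True),
    Session("nas-c", "NT1", False, True, True),
    Session("nas-d", "LANMAN2", False, False, True),
    Session("nas-e", "NT1", False, False, False),
]

if __name__ == "__main__":
    for host, finding in review(SAMPLE):
        print(host, finding)
```

A session where Kerberos was requested but the negotiated parameters rule it out is the observable result of the downgrade; `nas-c` shows that requiring signing alone does not prevent it.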

Workaround

No workaround is available. However, systems that do not use Samba are not vulnerable.


Mitigation

  • Upgrade to TrueNAS SCALE 22.02-RC.1-2 or later

Commit

Further information