CVE-2020-2124 : samba - SMB1 client connections can be downgraded to plaintext authentication
Versions Affected : All versions prior to SCALE 22.02-RC.1-2
Description
A man-in-the-middle attack can force the client-side SMB1 code to fall back to plaintext or NTLM-based authentication even if Kerberos authentication was requested by the user or application.
An attacker can downgrade a negotiated SMB1 client connection and its capabilities. Kerberos authentication is only possible with the SMB2/3 protocol or with SMB1 using the NT1 dialect together with the extended security (SPNEGO) capability. Without mandatory SMB signing, the protocol can be downgraded to an older, insecure dialect such as CORE, COREPLUS/CORE+, LANMAN1 or LANMAN2. Even if SMB signing is required, it is still possible to downgrade to the NT1 dialect without extended security (SPNEGO) being negotiated.
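The client-side policy check that this class of downgrade calls for, as an added Python example (not Samba's own code): it decodes the parameter words of an SMB1 NEGOTIATE response and refuses a connection on which Kerberos was requested but the server selected a pre-NT1 dialect or omitted the extended security capability. Dialect strings, the NT1 response layout and the flag values follow MS-CIFS; the sample responses are constructed, not captured.

```python
import struct
from dataclasses import dataclass

# SMB1 dialect strings as carried in the NEGOTIATE request (MS-CIFS), oldest
# first. The server answers with the index of the dialect it selected.
DIALECTS = [
    "PC NETWORK PROGRAM 1.0",   # CORE
    "MICROSOFT NETWORKS 1.03",  # COREPLUS / CORE+
    "LANMAN1.0",                # LANMAN1
    "LM1.2X002",                # LANMAN2
    "NT LM 0.12",               # NT1
]
NT1_INDEX = DIALECTS.index("NT LM 0.12")
CAP_EXTENDED_SECURITY = 0x80000000  # Capabilities bit: SPNEGO available
SEC_SIGNATURES_REQUIRED = 0x08      # SecurityMode bit: signing mandatory

# Parameter words of an NT1 NEGOTIATE response (MS-CIFS 2.2.4.52.2):
# DialectIndex, SecurityMode, MaxMpxCount, MaxNumberVcs, MaxBufferSize,
# MaxRawSize, SessionKey, Capabilities, SystemTime, ServerTimeZone, ChallengeLength
NT1_WORDS = struct.Struct("<HBHHIIIIqhB")

@dataclass
class Negotiated:
    dialect: str
    signing_required: bool
    extended_security: bool

def parse_negotiate_words(words: bytes) -> Negotiated:
    """Decode the parameter block of an SMB1 NEGOTIATE response."""
    (index,) = struct.unpack_from("<H", words, 0)
    if index >= len(DIALECTS):
        raise ValueError("server selected a dialect the client never offered")
    if index != NT1_INDEX:
        # Pre-NT1 dialects carry no Capabilities field and can never do SPNEGO.
        return Negotiated(DIALECTS[index], False, False)
    _, secmode, _, _, _, _, _, caps, _, _, _ = NT1_WORDS.unpack_from(words, 0)
    return Negotiated(DIALECTS[index], bool(secmode & SEC_SIGNATURES_REQUIRED),
                      bool(caps & CAP_EXTENDED_SECURITY))

def accept_connection(words: bytes, kerberos_requested: bool) -> tuple[bool, str]:
    """Client policy: never silently fall back from Kerberos to NTLM/plaintext."""
    neg = parse_negotiate_words(words)
    if kerberos_requested and not (neg.dialect == "NT LM 0.12" and neg.extended_security):
        return False, f"Kerberos impossible: {neg.dialect}, spnego={neg.extended_security}"
    if not neg.signing_required:
        return False, f"server does not require signing on {neg.dialect}"
    return True, f"{neg.dialect} with SPNEGO and mandatory signing"

# Constructed sample responses (hypothetical values, not real captures).
HEALTHY = NT1_WORDS.pack(NT1_INDEX, 0x0F, 50, 1, 65535, 65536, 0, CAP_EXTENDED_SECURITY | 0x4, 0, 0, 0)
SPNEGO_STRIPPED = NT1_WORDS.pack(NT1_INDEX, 0x0F, 50, 1, 65535, 65536, 0, 0x4, 0, 0, 0)
LANMAN2 = struct.pack("<H", DIALECTS.index("LM1.2X002")) + bytes(24)
```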
Workaround
No workaround is available. However, systems that do not use Samba are not vulnerable.
Mitigation
- Upgrade to TrueNAS SCALE 22.02-RC.1-2 or later