UNAB 1281-1.0.2439 compatibility with CVE-2020-1472 to use only secure MS-NRPC
Article ID: 199246
Updated On:
Products
CA Virtual Privilege Manager
CA Privileged Identity Management Endpoint (PIM)
Issue/Introduction
Is UNAB compatible with CVE-2020-1472 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472 to use only secure MS-NRPC communication ?
Environment
Release : 12.8
Component : CA ControlMinder
Cause
At a high level, the situation is that there is a domain controller side patch being mandated by Microsoft to address a Netlogon Remote Protocol (MS-NRPC) vulnerability.
After the patch is applied and enforcement is turned on the domain controllers, all member server endpoint devices in the domain are subsequently required to use only secure MS-NRPC communication to maintain their domain joined machine account membership.
We’d like to confirm in advance that UNAB domain joined devices are compatible.
Resolution
UNAB does not use Netlogon Remote Protocol (MS-NRPC) - it is using Kerberos and kerberised LDAP to authenticate to AD.
Hence we can confirm that UNAB is not affected by this CVE
Hence we can confirm that UNAB is not affected by this CVE
Feedback
Yes
No
Powered by
