UNAB 1281-1.0.2439 compatibility with CVE-2020-1472 to use only secure MS-NRPC
search cancel

UNAB 1281-1.0.2439 compatibility with CVE-2020-1472 to use only secure MS-NRPC

book

Article ID: 199246

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

Is UNAB compatible with CVE-2020-1472 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472 to use only secure MS-NRPC communication ?

Environment

Release : 12.8

Component : CA ControlMinder

Cause

At a high level, the situation is that there is a domain controller side patch being mandated by Microsoft to address a Netlogon Remote Protocol (MS-NRPC) vulnerability.

 

After the patch is applied and enforcement is turned on the domain controllers,

 

all member server endpoint devices in the domain are subsequently required to use only secure MS-NRPC communication to maintain their domain joined machine account membership.

 

We’d like to confirm in advance that UNAB domain joined devices are compatible.

 

Resolution

UNAB does not use Netlogon Remote Protocol (MS-NRPC) - it is using Kerberos and kerberised LDAP to authenticate to AD.

Hence we can confirm that UNAB is not affected by this CVE