Weak passwords are a common mistake among email users, and even among admins who manage domains.

I recently had the opportunity to demo the Zerologon exploit and how it breaks the domain controllers in your environment, which means Exchange will be broken as well. I am referring to CVE-2020-1472, and you need to have your systems patched.

Maybe you now understand why MVPs across different technologies tell you to patch your systems and make sure you are running the latest CU or Service Pack, plus any hotfixes that are available.

Going through this demo, it took an attacker 3 minutes to do what they needed to do. This entailed resetting the Active Directory server's computer account password, and once they had all the information they were able to pass the hash and get the passwords for all accounts.

As this was a demo, it was okay to break the environment. In production you cannot afford to have to recover all your systems, or even pay the ransom. If you think a password like “ThisPasswordIsVerySecure@999” is strong, you are wrong; it gets cracked in literally 10 minutes.

Please ensure that your service account passwords and admin passwords are strong, and that you have another layer of security like MFA protecting your environments.

Please also train your end users and advise them that passwords like January@2020, P@ssw0rd or DaddysGirl@123 are not secure. Remember, once attackers are in your email, any sensitive information you have shared there, such as where banking details are kept or passwords sent over email, makes their life very easy.
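The passwords called out above all follow the same recipe: a dictionary word or a run of dictionary words, with leet substitutions and a year or a few digits bolted on. The following script is an added example, not code from this post, that flags exactly that pattern so you can screen a proposed password (or audit a list of them) before it reaches your policy. It assumes a small constructed wordlist and a minimum length of 14 characters; a real audit would swap in a full wordlist of names, months, teams and breached passwords.

```python
import re

# Constructed mini wordlist for the demo. A real audit would load a full
# wordlist (months, names, company names, breached-password lists).
COMMON_WORDS = {
    "password", "secure", "welcome", "admin", "login", "letmein",
    "this", "is", "very", "my", "the", "daddys", "girl", "daddysgirl",
    "summer", "january", "february", "march", "april", "may", "june",
    "july", "august", "september", "october", "november", "december",
}

# Common "leet" substitutions, reversed so that P@ssw0rd normalises to password.
LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "$": "s", "!": "i"})

MIN_LENGTH = 14  # assumed policy value, not taken from the post


def core_word(password: str) -> str:
    """Lower-case, strip the digits and symbols users bolt onto the ends
    (January@2020 -> january), then undo leet substitutions."""
    s = password.lower()
    s = re.sub(r"^[^a-z]+", "", s)   # leading digits/symbols
    s = re.sub(r"[^a-z]+$", "", s)   # trailing digits/symbols
    return s.translate(LEET)


def dictionary_segments(s: str, words=COMMON_WORDS):
    """Return a split of s into dictionary words, or None if no split exists.
    Simple dynamic programme: best[i] is a segmentation of s[:i], if any."""
    best = [None] * (len(s) + 1)
    best[0] = []
    for i in range(1, len(s) + 1):
        for j in range(i):
            if best[j] is not None and s[j:i] in words:
                best[i] = best[j] + [s[j:i]]
                break
    return best[len(s)]


def weak_password_reasons(password: str) -> list[str]:
    """Return the list of reasons a password is weak; empty means no finding."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if re.search(r"(19|20)\d\d", password):
        reasons.append("contains a year")
    core = core_word(password)
    if not core:
        reasons.append("no letters at all")
        return reasons
    segments = dictionary_segments(core)
    if segments is not None:
        reasons.append("dictionary words plus padding: " + "+".join(segments))
    return reasons


def is_weak(password: str) -> bool:
    return bool(weak_password_reasons(password))


if __name__ == "__main__":
    # The examples from the post, plus one random-looking value for contrast.
    for pw in ("January@2020", "P@ssw0rd", "DaddysGirl@123",
               "ThisPasswordIsVerySecure@999", "x7#Qm!vR2pLz&9Wd"):
        print(f"{pw:32} weak={is_weak(pw)} {weak_password_reasons(pw)}")
```

Note that length alone does not save "ThisPasswordIsVerySecure@999": the checker still segments it into this+password+is+very+secure, which is the property a wordlist-based cracking run exploits. Enforcing a check like this at password-change time, alongside MFA, is the control the advice above is asking for.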

Hope it helps.
