November 25, 2015
Microsoft’s BitLocker software is used by many companies to encrypt their employees’ hard disk drives. Ian Haken, a researcher with software security testing firm Synopsys, recently revealed that a trivial Windows authentication bypass puts data on BitLocker-encrypted drives at risk.
Companies relying on this software should install the latest Windows patches to fix the issue. It affects Windows computers that are part of a domain, a common configuration on enterprise networks. In domain-based authentication, the user's password is checked against a computer that serves as domain controller. When a laptop is taken outside the network and the domain controller cannot be reached, authentication relies on a local credentials cache on the machine. In order to prevent an attacker from connecting a stolen, lost or unattended laptop to a different network and creating a spoofed domain controller that accepts another password to unlock it, the authentication protocol also verifies that the machine itself is registered on the domain controller using a separate machine password. This additional check doesn't happen when the controller cannot be reached, because the protocol developers assumed that the attacker can't change the user password stored in the local cache.
Haken found a way to change that cached password. First, he set up a mock domain controller with the same name as the one the laptop is supposed to connect to. He then created the same user account on that controller as on the laptop and gave it a password with a creation date far in the past. When authentication is attempted with his password on the laptop, the domain controller informs Windows that the password has expired, and the user is automatically prompted to change it. This happens before Windows verifies that the machine is also registered on the controller. At this point he can set a new password on the laptop, which replaces the original one in the local credentials cache.
Logging in while connected to the rogue domain controller would still fail, because the controller does not have the machine password. However, he could disconnect the laptop from the network in order to force a fallback to local authentication, which will now succeed because only the user password is verified against the cache. This is a logic flaw that has been in the authentication protocol since Windows 2000, the researcher said.
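To make the logic flaw concrete, here is a toy model of the cached-logon decision, added here and not code from Haken, Synopsys or Microsoft: it contrasts the behaviour described above with an assumed hardened rule (no cache update until the machine account has been verified). The account names, the SHA-256 stand-in for the credential hash and the "hardened" rule are constructed assumptions, not Windows internals.

```python
import hashlib
from dataclasses import dataclass, field

def h(pw: str) -> str:
    # Stand-in for the real credential hash; SHA-256 is only for the model.
    return hashlib.sha256(pw.encode()).hexdigest()

@dataclass
class DomainController:
    name: str
    users: dict                      # user -> [password hash, expired flag]
    machines: set = field(default_factory=set)   # machine accounts it knows

@dataclass
class Laptop:
    domain: str                      # name of the DC it expects
    machine: str                     # its machine account name
    cache: dict                      # local credentials cache: user -> hash

def offline_logon(lap, user, pw):
    """Fallback when no DC is reachable: only the cached user hash is checked."""
    return "ok" if lap.cache.get(user) == h(pw) else "denied"

def online_logon(lap, user, pw, dc, new_pw=None, hardened=False):
    """hardened=False models the flaw described in the article: an expired-
    password change updates the cache before the machine account is verified.
    hardened=True is an assumed fix: no cache update without machine auth."""
    if dc.name != lap.domain:
        return "denied"
    rec = dc.users.get(user)
    if rec is None or rec[0] != h(pw):
        return "denied"
    machine_ok = lap.machine in dc.machines
    if rec[1]:                        # DC says the password has expired
        if hardened and not machine_ok:
            return "denied"
        rec[0], rec[1] = h(new_pw), False
        lap.cache[user] = h(new_pw)   # cache now holds the new password
        return "changed"
    return "ok" if machine_ok else "denied"

def scenario(hardened):
    """Constructed walk-through of the article's flow; returns the offline result."""
    lap = Laptop("CORP-DC", "LAPTOP01$", {"alice": h("alice-real-pw")})
    rogue = DomainController("CORP-DC", {"alice": [h("guess"), True]})  # knows no machines
    online_logon(lap, "alice", "guess", rogue, new_pw="guess-new", hardened=hardened)
    # Online logon against the rogue DC fails either way (machine account unknown),
    # so the decisive step is the cache-only fallback once the network is removed:
    return offline_logon(lap, "alice", "guess-new")
```

Running `scenario(False)` returns "ok" (the cache was overwritten), while `scenario(True)` returns "denied" because the hardened rule never let the unverified controller touch the cache.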
Microsoft fixed the vulnerability on Tuesday and published the corresponding MS15-122 security bulletin. This attack shows that when it comes to security, we constantly need to re-examine old truths, Haken said.