Samba Security: SAMBA:CVE-2016-2124
Nov 09, 2021

SMB1 client connections can be downgraded to plaintext authentication

Samba Security
www.samba.org

CVSS3: 5.9 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS: 0.001 Low (percentile 48.7%)

Description

An attacker can downgrade a negotiated SMB1 client connection and its
capabilities. Kerberos authentication is only possible with the
SMB2/3 protocol, or with SMB1 using the NT1 dialect and the extended
security (spnego) capability. Without mandatory SMB signing the
protocol can be downgraded to an older, insecure dialect like CORE,
COREPLUS/CORE+, LANMAN1 or LANMAN2. Even if SMB signing is required,
it is still possible to downgrade to the NT1 dialect if extended
security (spnego) is not negotiated.

The attacker is able to get the plaintext password sent over the
wire even if Kerberos authentication was required.

The problem is only possible if all of the following options are
explicitly set together:

client NTLMv2 auth = no
client lanman auth = yes
client plaintext auth = yes
client min protocol = NT1 # or lower

In currently supported Samba versions every one of the above options
has a different default value, so the problem is very unlikely
to occur.

Samba 4.5 and older had an additional problem, even in the default
configuration: they sent NTLMv2, NTLM or LanMan responses, which means
the attacker might be able to mount offline attacks in order to recover
the plaintext password, lmhash or nthash values.

Requiring Kerberos authentication for SMB1/2/3 connections can be controlled
by the ‘-k’/‘--kerberos’ or ‘-k yes’/‘--kerberos=yes’ command line options of
various tools such as smbclient, smbcquotas, smbcacls, net, rpcclient,
samba-tool and others. Note that 4.15 deprecated ‘-k’/‘--kerberos*’
and introduced the ‘--use-kerberos=required’ command line option
as well as the smb.conf option “client use kerberos = required”.

For libsmbclient based applications the usage of Kerberos is controlled by
the following function calls: smbc_setOptionUseKerberos(),
smbc_setOptionFallbackAfterKerberos() and smbc_setOptionNoAutoAnonymousLogin().

Patch Availability

A patch addressing this defect has been posted to

https://www.samba.org/samba/security/

Additionally, Samba 4.15.2, 4.14.10 and 4.13.14 have been issued as
security releases to correct the defect. Samba vendors and administrators
running affected versions are advised to upgrade or apply the patch as
soon as possible.

Workaround

Ensure the following [global] smb.conf parameters are set
to their default values as shown below:

client lanman auth = no
client NTLMv2 auth = yes
client plaintext auth = no
client min protocol = SMB2_02

Or use the ‘-k’ command line option on its own, without the -U option,
so that the tool authenticates from an existing krb5 credential cache (ccache)
and never sends a password.
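The four conditions in the description and the four workaround values are two sides of one check, so here is an added example (not from the Samba advisory or the Samba project) that reads a client's smb.conf and reports which of the advisory's conditions it meets. It assumes a plain smb.conf with no ‘include’ or ‘config file’ directives, consults only the [global] section, canonicalizes parameter names the way Samba does (case and whitespace insensitive), and falls back to the defaults from the workaround for any option the file leaves unset; the sample configurations at the bottom are constructed for illustration.

```python
"""Flag the smb.conf client settings that make CVE-2016-2124 exploitable.

Added example, not code from the Samba advisory or the Samba project. It
assumes a plain smb.conf (no 'include'/'config file' directives) and only
reads the [global] section, where the four options live.
"""

def canon(name):
    # Samba matches parameter names ignoring case and whitespace.
    return "".join(name.split()).lower()

# Defaults in currently supported Samba versions (the advisory's workaround
# values); they apply to any option the file leaves unset.
DEFAULTS = {canon(k): v for k, v in {
    "client lanman auth": "no",
    "client NTLMv2 auth": "yes",
    "client plaintext auth": "no",
    "client min protocol": "SMB2_02",
}.items()}

# Dialects oldest-first. NT1 and everything below it can be downgraded;
# SMB2_02 and later never use the legacy (LanMan/plaintext) auth paths.
DIALECT_ORDER = ["CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1",
                 "SMB2_02", "SMB2_10", "SMB2_22", "SMB2_24",
                 "SMB3_00", "SMB3_02", "SMB3_10", "SMB3_11"]
DIALECT_ALIASES = {"CORE+": "COREPLUS", "SMB2": "SMB2_10", "SMB3": "SMB3_11"}

def to_bool(value):
    v = value.strip().lower()
    if v in ("yes", "true", "1"):
        return True
    if v in ("no", "false", "0"):
        return False
    raise ValueError("not a Samba boolean: %r" % value)

def dialect_rank(name):
    n = name.strip().upper()
    return DIALECT_ORDER.index(DIALECT_ALIASES.get(n, n))

def parse_global(text):
    """Return the [global] section as {canonical key: value}. Whole-line
    '#'/';' comments are skipped, a trailing '# ...' comment is stripped
    from values, and a later duplicate overrides an earlier one."""
    section, params = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        params[canon(key)] = value.split("#", 1)[0].strip()
    return params

def check_cve_2016_2124(text):
    """Return the advisory's conditions that this config meets; the
    downgrade to plaintext is only possible when all four are present."""
    p = dict(DEFAULTS)
    p.update(parse_global(text))
    found = []
    if not to_bool(p[canon("client NTLMv2 auth")]):
        found.append("client NTLMv2 auth = no")
    if to_bool(p[canon("client lanman auth")]):
        found.append("client lanman auth = yes")
    if to_bool(p[canon("client plaintext auth")]):
        found.append("client plaintext auth = yes")
    minproto = p[canon("client min protocol")]
    if dialect_rank(minproto) <= dialect_rank("NT1"):
        found.append("client min protocol = " + minproto)
    return found

def is_vulnerable(text):
    return len(check_cve_2016_2124(text)) == 4

# Constructed sample configurations, not taken from any real system.
VULNERABLE_CONF = """
[global]
   workgroup = EXAMPLE
   client NTLMv2 auth = no
   client lanman auth = yes
   client plaintext auth = yes
   client min protocol = NT1   # or lower
"""
# Only one of the four conditions: not exploitable on its own.
PARTIAL_CONF = """
[global]
   client min protocol = LANMAN2
"""
# The workaround from the advisory: all four options at their defaults.
SAFE_CONF = """
[global]
   client lanman auth = no
   client NTLMv2 auth = yes
   client plaintext auth = no
   client min protocol = SMB2_02
"""
```

`check_cve_2016_2124()` reports partial matches too, because a lone ‘client min protocol = NT1’ is not exploitable for this CVE but is still a setting worth removing; `is_vulnerable()` is only true when all four conditions hold, exactly as the advisory states. An empty or defaults-only file is reported as safe because the defaults are substituted before the checks run.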

Credits

This vulnerability was discovered and researched by Stefan Metzmacher of
SerNet (https://samba.plus) and the Samba Team (https://www.samba.org),
who also provided the fixes.

== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
