Microsoft WINS Domain Controller Spoofing Vulnerability

Windows Internet Naming Service (WINS) ships with Microsoft Windows NT Server. WINS resolves IP addresses with network computer names in a client-to-server environment. A distributed database is updated with an IP address for every machine available on the network.

Unfortunately WINS fails to properly verify the registration of domain controllers. A user can modify the entries for a domain controller, causing the WINS service to redirect requests for the DC to another system. This can lead to a loss of network functionality for the domain. The DC impersonator can also be set up to capture username and password hashes passed to it during login attempts.


Privacy Statement
Copyright 2010, SecurityFocus