Security Advisories

Trustwave Press Releases

« Wait a minute... that’s not a real JPG! | Main | Internet Explorer Zero Day: CVE-2014-0322 »

18 February 2014


Hi D,

This happens when an anonymous bind is performed. Responder is trying to force an authentication.

What causes responder to give the error "[LDAP]Operation not supported" ?

Well funny story, but in November 2013 (reference ms15955) I sent this exact bug to Microsoft informing them that the WPAD protocol does not obey the security settings defined in IE and auto responds to NTLM requests in a manner which it should not. I also provided them with 2 solutions to the problem which could be implemented in AD as well as the WPAD protocol itself. This would also solve the verification of the wpad.dat response.

Microsoft responded by saying that this type of attack would require "significant" exploitation of the network prior to a successful attack, and they recommend clients use kerberos tokens. This is kinda funny because we all know that everything falls back to NTLM if the connect is to an IP and not a hostname, right?

So there, Microsoft says your tool is moot.

BTW, I will use your tool instead of mine, cause its prettier, and has green text on a black terminal. Like a #manshell

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Your Information

(Name is required. Email address will not be displayed with the comment.)