Microsoft recently fixed a vulnerability in its BitLocker disk encryption feature that could be exploited very easily to bypass the encryption within a few seconds.
A disk encryption tool is very important software for protecting data, and thousands of machines rely on one to protect their users' data, but we should keep in mind that these applications can themselves be affected by critical flaws.
In September, security specialist James Forshaw, a member of Google's Project Zero team, identified two critical vulnerabilities in the driver that the popular encryption tool TrueCrypt installs on Windows systems. The vulnerabilities could be exploited by attackers to gain access to protected data.
BitLocker is another popular disk encryption tool, designed by Microsoft, and a very large number of users rely on it to protect their data.
The news is that BitLocker can be circumvented very easily.
Before this tool existed, an attacker could simply boot a live Linux distribution on the machine whose disk contains the data and access it. Full-disk encryption starts when the machine starts, protecting the data with impenetrable encryption.
The researcher explained that computers joined to a domain are more exposed to attack if an attacker can disconnect the machine from the network so that the domain server cannot be reached. In this attack scenario, the Windows machine uses a local username and password stored in its cache. The researcher discovered a method to access and modify the cached password. In this way the attacker is able to bypass full-disk encryption.
The researcher showed that, by setting up a fake domain server with the same name, the attacker only had to create a user account with the password that the user had previously created. This trick triggers a policy-based password change; at this stage it is enough to change the password and log in to the PC using the password set in the cache.
Microsoft has already fixed the vulnerability and has classified it as low priority, since exploiting it requires specific conditions.