Bug 13202 - wpad and isatap dns field registration
Summary: wpad and isatap dns field registration
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.13.3
Hardware: All All
: P5 critical (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
Depends on:
Reported: 2018-01-03 13:20 UTC by Denis Cardon
Modified: 2020-12-29 11:04 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Denis Cardon 2018-01-03 13:20:31 UTC
Since MS-AD 2k3, registration of wpad and isatap DNS entries is blocked by default through a registry setting.


It prevent a rogue workstation joined with the name WPAD or ISATAP to MITM the web traffic of application configured with automatic proxy connection discovery, like internet explorer for example. I guess it is more problem on MS-AD where an authenticated user could join 10 workstations to the domain. 

On Samba4-AD there is no such protection.