Bug 13202 - wpad and isatap dns field registration
wpad and isatap dns field registration
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
All All
: P5 normal
: ---
Assigned To: Andrew Bartlett
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2018-01-03 13:20 UTC by Denis Cardon
Modified: 2018-01-03 13:20 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Denis Cardon 2018-01-03 13:20:31 UTC
Since MS-AD 2k3, registration of wpad and isatap DNS entries is blocked by default through a registry setting.


It prevent a rogue workstation joined with the name WPAD or ISATAP to MITM the web traffic of application configured with automatic proxy connection discovery, like internet explorer for example. I guess it is more problem on MS-AD where an authenticated user could join 10 workstations to the domain. 

On Samba4-AD there is no such protection.