Problem Description:
Starting from May 8\9 the client win10\winser2016 suddenly unable to access all remote win SER2012/16 resources in the test environment, prompting "An authentication error has occurred." Required function is not supported ... This may be due to the CREDSSP encryption Oracle fix ... " Win7 The English and Chinese versions indicate "authentication error occurred. Required function not supported "or" An authentication error have occurred and the required function is not supported "
Problem:
Win7 Error:
Specific information:
Remote Desktop Connection Error:
An authentication error has occurred. Required function is not supported
Remote computer: *.*.*.*
This may be due to the CREDSSP encrypted Oracle fix.
To learn more, please visit https://go.microsoft.com/fwlink/?linkid=866660
Troubleshoot the problem:
We are prompted to visit https://go.microsoft.com/fwlink/?linkid=866660
The discovery is due to the cve-2018-0886 CredSSP update that caused the problem to occur. Simply understand the following credssp:
The Credential Security Support Provider Protocol (CredSSP) is an authentication provider that handles authentication requests from other applications.
A remote code execution vulnerability exists in the unpatched version of CredSSP. An attacker who successfully exploited this vulnerability could relay user credentials on the target system to execute code. Any application that relies on CredSSP for authentication can be vulnerable to such attacks.
The security update fixes the vulnerability by correcting the way that CREDSSP validates requests during the authentication process.
Workaround:
To modify a local Group Policy:
Computer Configuration > Administrative Templates > System > Credential Assignment > Encrypt Oracle Remediation Select Enable and select Vulnerable.
Vulnerable – client applications using CREDSSP will attack the remote server with support for fallback to an insecure version, but services using CREDSSP will accept unpatched clients.
中文版:
Group Policy->computer configuration->administrative templates->system->credentials Delegation> Encrypted Oracle remediation Change to vulnerable
Vulnerable–client applications that use CredSSP would expose the remote servers to attacks by supporting fallback to Inse Cure versions, and services that use CredSSP would accept unpatched clients.
The steps are as follows:
1. Open the local Group Policy:
2. Expand Computer Configuration > Administrative Templates > System > Credential Assignment > Encrypt Oracle Remediation, enable encryption for Oracle remediation and select vulnerable, click OK to complete the setup.
3. The configuration options are as follows:
Supplemental: Encrypt Oracle Repair
This policy setting applies to applications that use the CredSSP component (for example, Remote Desktop Connection).
Some versions of the CredSSP protocol are susceptible to encrypted Oracle attacks against clients. This policy controls compatibility with vulnerable clients and servers. This policy allows you to set the level of protection required to encrypt an Oracle vulnerability.
If you enable this policy setting, CredSSP version support is selected based on the following options:
clients that are forced to update: client applications that use CredSSP will not be able to fall back to an unsecured version, and services that use CredSSP will not accept unpatched clients. Note: This setting should not be deployed until all remote hosts support the latest version.
Mitigation: client applications that use CredSSP will not be able to fall back to an unsecured version, but services that use CredSSP will accept unpatched clients. For important information about the risks posed by the remaining unpatched clients, see the links below.
Vulnerable: If a client application using CredSSP supports fallback to an unsafe version, the remote server will be vulnerable and the service using CredSSP will accept unpatched clients.
Reference Links:
https://support.microsoft.com/zh-cn/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018
https://support.microsoft.com/zh-cn/help/20180508/security-update-deployment-information-may-08-2018
Https://thehackernews.com/2018/03/credssp-rdp-exploit.html
Https://blog.preempt.com/security-advisory-credssp
Http://www.freebuf.com/vuls/166537.html
An authentication error has occurred and the requested function is not supported (this may be due to CREDSSP encrypted Oracle remediation)