Open redirect

2019-03-0408:29:00

PRIOn knowledge base

www.prio-n.com

9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.8%

JSON

Druide Antidote RX, HD, 8 before 8.05.2287, 9 before 9.5.3937 and 10 before 10.1.2147 allows remote attackers to steal NTLM hashes or perform SMB relay attacks upon a direct launch of the product, or upon an indirect launch via an integration such as Chrome, Firefox, Word, Outlook, etc. This occurs because the product attempts to access a share with the PLUG-INS subdomain name; an attacker may be able to use Active Directory Domain Services to register that name.

CPENameOperatorVersion
antidotege8.0
antidotelt8.05.2287
antidotege9.0
antidotelt9.5.3937
antidotege10.0
antidotelt10.1.2147

Name	Operator	Version
antidote	ge	8.0
antidote	lt	8.05.2287
antidote	ge	9.0
antidote	lt	9.5.3937
antidote	ge	10.0
antidote	lt	10.1.2147

References

gosecure.net/2019/02/20/abusing-unsafe-defaults-in-active-directory/

www.druide.com/en/news/security-improvement-antidote-windows