Microsoft Windows HTTP to LDAP Relay

This module supports running an HTTP server which validates credentials, and then attempts to execute a relay attack against an LDAP server on the configured RHOSTS hosts. It is not possible to relay NTLMv2 to LDAP due to the Message Integrity Check MIC. As a result, this will only work with...

Microsoft Windows SMB to LDAP Relay

This module supports running an SMB server which validates credentials, and then attempts to execute a relay attack against an LDAP server on the configured RHOSTS hosts. It is not possible to relay NTLMv2 to LDAP due to the Message Integrity Check MIC. As a result, this will only work with NTLMv...

The vulnerability of the NTLMv1 protocol implementation in Windows operating systems allows attackers to enhance their privileges.

The vulnerability of the NTLMv1 protocol in Windows operating systems is related to deficiencies in the authentication process. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...

SUSE CVE-2018-1139

A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client...

The vulnerability of the NTLMv1 authentication component in Samba network communication tools allows a hacker to gain unauthorized access to confidential data.

The vulnerability of the NTLMv1 authentication component in Samba network interactions is related to incomplete protection of user registration data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to confidential information...

samba: Weak authentication protocol regression

A flaw was found in the way samba allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client...

ALPINE-CVE-2018-1139

A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client...

USN-3738-1 samba vulnerabilities

Svyatoslav Phirsov discovered that the Samba libsmbclient library incorrectly handled extra long filenames. A malicious server could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2018-10858 Volker Mauel discovered that Samba...

UBUNTU-CVE-2018-1139

A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client...

UBUNTU-CVE-2015-4515

Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message...