Researchers: Windows SMB login data leaked to Internet




Security researchers have given a new twist to a fourteen-year-old vulnerability in Windows. They claim they were able to have SMB login data captured by a rogue website.

The vulnerability is also present in Windows 10, and it is the first vulnerability in the new version of Windows that can be exploited from outside. Security researchers Jonathan Brossard and Hormazd Billimoria claimed this at the Black Hat security conference in Las Vegas. The vulnerability abuses a design flaw in the SMB protocol that Microsoft has taken steps against but never completely solved.

The attack targets SMB, the file-sharing protocol in Windows. In the so-called SMB relay attack from 2001, SMB traffic is redirected to a server controlled by an attacker. That server thereby obtains the user name and the hash of the user's password. The hash can then be cracked in a number of days, as obsolete hashing algorithms may be used.

Brossard and Billimoria managed to make that attack work over the Internet, for example with the aid of a website. "A site visit is then enough to capture data," said Brossard. "The only way to guard yourself against it is blocking the SMB ports," Brossard told Tweakers.

The impact of the security problem depends on the victim's configuration. If the victim uses no firewall on his PC or router and allows SMB traffic from outside, an outside attacker could log in. This is impossible if a user has a firewall, but capturing the data still works, Brossard told Tweakers.
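Because the login data leaves over outbound SMB even when inbound traffic is firewalled, outbound connections to SMB ports on Internet hosts are worth flagging. The following Python is an added example, not code from the article or the researchers: it scans Windows Firewall log lines for outbound TCP 139/445 to non-internal addresses. The log lines are constructed samples, and the internal ranges and function names are assumptions.

```python
import ipaddress

SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP

# Assumption: these ranges count as "internal"; adjust to the local network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample lines in Windows Firewall log field order.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2015-08-06 10:12:01 ALLOW TCP 192.168.1.23 192.168.1.5 49710 445 0 - 0 0 0 - - - SEND
2015-08-06 10:12:09 ALLOW TCP 192.168.1.23 203.0.113.7 49712 445 0 - 0 0 0 - - - SEND
2015-08-06 10:12:10 ALLOW TCP 192.168.1.23 203.0.113.7 49713 443 0 - 0 0 0 - - - SEND
2015-08-06 10:13:44 DROP TCP 192.168.1.40 198.51.100.20 50001 139 0 - 0 0 0 - - - SEND
2015-08-06 10:14:02 ALLOW TCP 198.51.100.99 192.168.1.23 40000 445 0 - 0 0 0 - - - RECEIVE
"""


def is_internal(addr):
    """True if addr falls inside one of the configured internal ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def outbound_smb_to_internet(log_text):
    """Return (timestamp, action, src, dst, port) for outbound SMB to external hosts."""
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue  # skip blank lines and the header
        fields = line.split()
        if len(fields) < 17:
            continue  # truncated or malformed entry
        date, time, action, proto, src, dst, _sport, dport = fields[:8]
        path = fields[16]  # SEND = outbound, RECEIVE = inbound
        if proto != "TCP" or path != "SEND" or not dport.isdigit():
            continue
        if int(dport) in SMB_PORTS and not is_internal(dst):
            hits.append((f"{date} {time}", action, src, dst, int(dport)))
    return hits


if __name__ == "__main__":
    for hit in outbound_smb_to_internet(SAMPLE_LOG):
        print(*hit)
```

An ALLOW hit means an SMB session to an external host was permitted and the login data may have left the network; a DROP hit shows the outbound block doing its job.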

The researchers also demonstrated an attack in which they abused the vulnerability from an e-mail; after the victim opened the mail, they were able to log in to the Exchange server with the victim's login data and lock the mailbox.

The attack can be carried out from, among others, the Edge browser in Windows 10, but according to the researchers nearly all Windows software without its own TCP/IP stack is vulnerable. Chrome itself is at least not vulnerable, because the browser asks permission before connecting to an SMB server, but plug-ins called from Chrome may be.

