Researchers Uncovered A New Technique For Stealing Login Credentials


Researchers at security firm Cylance have uncovered a new technique for stealing login credentials from any Windows PC, tablet or server.

The vulnerability, dubbed Redirect to SMB, allows attackers to steal user credentials by hijacking communications with legitimate web servers via man-in-the-middle attacks and redirecting them to malicious SMB (Server Message Block) servers. Windows authenticates to the rogue server automatically, handing over the victim's username, domain and a challenge-response derived from the password hash, which the attacker can then crack offline or relay.

Attack Scenario:


The attack is based on a vulnerability discovered by Aaron Spangler in 1997. He found that supplying URLs beginning with the word "file" (such as file://1.1.1.1/) to Internet Explorer would cause the operating system to attempt to authenticate with an SMB server at the IP address 1.1.1.1, because Windows treats a file:// URL with a host component as a UNC path (\\1.1.1.1\...). These "file" URLs could be provided as an image, iframe, or any other web resource resolved by the browser. Redirect to SMB extends this: instead of embedding the file:// URL in a page, the attacker answers an ordinary HTTP request with a 301/302 redirect whose Location header points at file://attacker-ip/share. Any application that follows redirects through the Windows HTTP APIs, not just the browser, then opens the SMB connection and leaks credentials, which is why the list of affected software below reaches well beyond Internet Explorer.
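The following is an added example written for this article, not Cylance's proof of concept or the whitepaper's code. It models the two halves of the attack in plain Python: how a file:// URL with a host becomes the UNC path that makes Windows open an SMB connection, and what a redirect-following client does with a Location header of that kind. The naive follower stands in for the vulnerable applications; the hardened follower applies the check a client should have, refusing any redirect whose scheme is not http or https. The URLs, hostnames and response headers are constructed sample data.

```python
"""Redirect to SMB, modelled on the client side (added example, not Cylance's code)."""
from typing import Dict, Optional, Tuple
from urllib.parse import urljoin, urlsplit

REDIRECT_STATUSES = (301, 302, 303, 307, 308)
# Only these schemes are acceptable as redirect targets for an HTTP client.
ALLOWED_REDIRECT_SCHEMES = frozenset({"http", "https"})


def file_url_to_unc(url: str) -> Optional[str]:
    """Return the UNC path Windows derives from a file:// URL that names a host.

    file://1.1.1.1/share/a.png -> \\\\1.1.1.1\\share\\a.png (an SMB connection
    to 1.1.1.1). A file:// URL with no host (file:///C:/...) is a local path and
    involves no SMB traffic, so None is returned for it.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() != "file" or not parts.hostname:
        return None
    return "\\\\" + parts.hostname + parts.path.replace("/", "\\")


def naive_follow(original_url: str, status: int, headers: Dict[str, str]) -> Optional[str]:
    """A client that follows any Location header without looking at the scheme.

    This is the behaviour that makes an application vulnerable: the redirect
    target is resolved and handed straight to the URL handler.
    """
    if status not in REDIRECT_STATUSES:
        return None
    location = headers.get("Location")
    if location is None:
        return None
    # urljoin keeps an absolute Location as-is, including a file:// one.
    return urljoin(original_url, location)


def safe_follow(original_url: str, status: int, headers: Dict[str, str]) -> Optional[str]:
    """A hardened client: same resolution, but non-HTTP(S) targets are rejected."""
    target = naive_follow(original_url, status, headers)
    if target is None:
        return None
    scheme = urlsplit(target).scheme.lower()
    if scheme not in ALLOWED_REDIRECT_SCHEMES:
        raise ValueError(f"refusing redirect to non-HTTP scheme {scheme!r}: {target}")
    return target


def outcome(follow, original_url: str, status: int, headers: Dict[str, str]) -> Tuple[str, Optional[str]]:
    """Describe what happens when a given follower handles a response.

    Returns ("smb", unc_path) when the follower would make Windows authenticate
    to a remote SMB server, ("http", url) for an ordinary redirect, ("none", None)
    when nothing is followed, and ("refused", reason) when the client blocks it.
    """
    try:
        target = follow(original_url, status, headers)
    except ValueError as exc:
        return ("refused", str(exc))
    if target is None:
        return ("none", None)
    unc = file_url_to_unc(target)
    if unc is not None:
        return ("smb", unc)
    return ("http", target)


if __name__ == "__main__":
    # Constructed scenario: the victim fetches an image, the attacker (in the
    # middle, or controlling the server) answers with a redirect to file://.
    request = "http://example.com/images/logo.png"
    malicious = {"Location": "file://1.1.1.1/share/logo.png"}
    print("naive client:", outcome(naive_follow, request, 302, malicious))
    print("safe client: ", outcome(safe_follow, request, 302, malicious))
```

The naive client reports an SMB connection to \\1.1.1.1\share\logo.png, at which point Windows would send the user's NTLM challenge-response to 1.1.1.1; the safe client refuses the redirect before any connection is made. The same scheme check is what a redirect-following library should apply, and blocking outbound TCP 139 and 445 at the network edge is the corresponding defence for clients that cannot be patched.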

Affected Software:

Adobe Reader, Apple QuickTime, Apple Software Update, Internet Explorer, Windows Media Player, Excel 2010, Microsoft Baseline Security Analyzer, Symantec's Norton Security Scan, AVG Free, BitDefender Free, Comodo Antivirus, .NET Reflector, Maltego CE, Box Sync, TeamViewer, GitHub for Windows, PyCharm, IntelliJ IDEA, PhpStorm and the JDK 8u31 installer.



For more technical details download the whitepaper here.

image credit : DuoSecurity
