Vulnerabilities > CVE-2015-0005 - 7PK - Security Features vulnerability in Microsoft products

047910
CVSS 4.3 - MEDIUM
Attack vector
ADJACENT_NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE

Summary

The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, aka "NETLOGON Spoofing Vulnerability."

Common Weakness Enumeration (CWE)

Msbulletin

bulletin_idMS15-027
bulletin_url
date2015-03-10T00:00:00
impactSpoofing
knowledgebase_id3002657
knowledgebase_url
severityImportant
titleVulnerability in NETLOGON Could Allow Spoofing

Nessus

  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS15-027.NASL
    descriptionThe remote Windows host is affected by a spoofing vulnerability due to the Netlogon service improperly establishing a secure communications channel to a different machine with a spoofed computer name. A remote attacker, on a domain-joined system with the ability to observe network traffic, can exploit this vulnerability to obtain session-related data of the spoofed computer. This information can be used to mount further attacks. Note that this vulnerability only affects a server if it is configured as a domain controller.
    last seen2020-06-01
    modified2020-06-02
    plugin id81741
    published2015-03-10
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81741
    titleMS15-027: Vulnerability in NETLOGON Could Allow Spoofing (3002657)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(81741);
      script_version("1.13");
      script_cvs_date("Date: 2019/11/22");
    
      script_cve_id("CVE-2015-0005");
      script_bugtraq_id(72933);
      script_xref(name:"MSFT", value:"MS15-027");
      script_xref(name:"MSKB", value:"3002657");
    
      script_name(english:"MS15-027: Vulnerability in NETLOGON Could Allow Spoofing (3002657)");
      script_summary(english:"Checks the version of Netlogon.dll");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host is affected by a spoofing vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The remote Windows host is affected by a spoofing vulnerability due to
    the Netlogon service improperly establishing a secure communications
    channel to a different machine with a spoofed computer name. A remote
    attacker, on a domain-joined system with the ability to observe
    network traffic, can exploit this vulnerability to obtain
    session-related data of the spoofed computer. This information can be
    used to mount further attacks.
    
    Note that this vulnerability only affects a server if it is configured
    as a domain controller.");
      script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-027");
      script_set_attribute(attribute:"solution", value:
    "Microsoft has released a set of patches for Windows 2003, 2008, 2008
    R2, 2012, 2012 R2.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-0005");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/03/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/10");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows : Microsoft Bulletins");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
      script_require_keys("SMB/MS_Bulletin_Checks/Possible");
      script_require_ports(139, 445, "Host/patch_management_checks");
    
      exit(0);
    }
    
    include("audit.inc");
    include("smb_hotfixes_fcheck.inc");
    include("smb_hotfixes.inc");
    include("smb_func.inc");
    include("smb_reg_query.inc");
    include("misc_func.inc");
    
    get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
    
    bulletin = 'MS15-027';
    kb  = "3002657";
    
    kbs = make_list(kb);
    if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);
    
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
    productname = get_kb_item_or_exit("SMB/ProductName", exit_code:1);
    
    if (hotfix_check_sp_range(win2003:'2', vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
    if ("Server" >!< productname) audit(AUDIT_OS_SP_NOT_VULN); # non-server OSes are not affected
    
    share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
    if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
    
    # Unless paranoid, check if the server is a DC
    if (report_paranoia < 2)
    {
      registry_init();
      hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);
      res = get_registry_value(handle:hklm, item:"SYSTEM\CurrentControlSet\Control\ProductOptions\ProductType");
      RegCloseKey(handle:hklm);
      if (res != 'LanmanNT')
      {
        close_registry();
        audit(AUDIT_HOST_NOT, 'configured as a domain controller');
      }
    
      NetUseDel(close:FALSE);
    }
    
    if (
      # Windows Server 2012 R2
      hotfix_is_vulnerable(os:"6.3", sp:0, file:"netlogon.dll", version:"6.3.9600.17678", min_version:"6.3.9600.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
    
      # Windows Server 2012
      hotfix_is_vulnerable(os:"6.2", sp:0, file:"netlogon.dll", version:"6.2.9200.21391", min_version:"6.2.9200.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"6.2", sp:0, file:"netlogon.dll", version:"6.2.9200.17273", min_version:"6.2.9200.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
    
      # Server 2008 R2
      hotfix_is_vulnerable(os:"6.1", sp:1, file:"netlogon.dll", version:"6.1.7601.22966", min_version:"6.1.7601.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"6.1", sp:1, file:"netlogon.dll", version:"6.1.7601.18759", min_version:"6.1.7600.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||
    
      # Windows Server 2008
      hotfix_is_vulnerable(os:"6.0", sp:2, file:"netlogon.dll", version:"6.0.6002.23629", min_version:"6.0.6002.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
      hotfix_is_vulnerable(os:"6.0", sp:2, file:"netlogon.dll", version:"6.0.6002.19319", min_version:"6.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||
    
      # Windows Server 2003
      hotfix_is_vulnerable(os:"5.2", sp:2, file:"netlogon.dll", version:"5.2.3790.5551", dir:"\system32", bulletin:bulletin, kb:kb)
    )
    {
      set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
      hotfix_security_warning();
      hotfix_check_fversion_end();
      exit(0);
    }
    else
    {
      hotfix_check_fversion_end();
      audit(AUDIT_HOST_NOT, 'affected');
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3548.NASL
    descriptionSeveral vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2015-5370 Jouni Knuutinen from Synopsys discovered flaws in the Samba DCE-RPC code which can lead to denial of service (crashes and high cpu consumption) and man-in-the-middle attacks. - CVE-2016-2110 Stefan Metzmacher of SerNet and the Samba Team discovered that the feature negotiation of NTLMSSP does not protect against downgrade attacks. - CVE-2016-2111 When Samba is configured as domain controller, it allows remote attackers to spoof the computer name of a secure channel
    last seen2020-06-01
    modified2020-06-02
    plugin id90515
    published2016-04-14
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90515
    titleDebian DSA-3548-1 : samba - security update (Badlock)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-3548. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(90515);
      script_version("2.16");
      script_cvs_date("Date: 2019/07/15 14:20:30");
    
      script_cve_id("CVE-2015-5370", "CVE-2016-2110", "CVE-2016-2111", "CVE-2016-2112", "CVE-2016-2113", "CVE-2016-2114", "CVE-2016-2115", "CVE-2016-2118");
      script_xref(name:"DSA", value:"3548");
    
      script_name(english:"Debian DSA-3548-1 : samba - security update (Badlock)");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in Samba, a SMB/CIFS
    file, print, and login server for Unix. The Common Vulnerabilities and
    Exposures project identifies the following issues :
    
      - CVE-2015-5370
        Jouni Knuutinen from Synopsys discovered flaws in the
        Samba DCE-RPC code which can lead to denial of service
        (crashes and high cpu consumption) and man-in-the-middle
        attacks.
    
      - CVE-2016-2110
        Stefan Metzmacher of SerNet and the Samba Team
        discovered that the feature negotiation of NTLMSSP does
        not protect against downgrade attacks.
    
      - CVE-2016-2111
        When Samba is configured as domain controller, it allows
        remote attackers to spoof the computer name of a secure
        channel's endpoint, and obtain sensitive session
        information. This flaw corresponds to the same
        vulnerability as CVE-2015-0005 for Windows, discovered
        by Alberto Solino from Core Security.
    
      - CVE-2016-2112
        Stefan Metzmacher of SerNet and the Samba Team
        discovered that a man-in-the-middle attacker can
        downgrade LDAP connections to avoid integrity
        protection.
    
      - CVE-2016-2113
        Stefan Metzmacher of SerNet and the Samba Team
        discovered that man-in-the-middle attacks are possible
        for client triggered LDAP connections and ncacn_http
        connections.
    
      - CVE-2016-2114
        Stefan Metzmacher of SerNet and the Samba Team
        discovered that Samba does not enforce required smb
        signing even if explicitly configured.
    
      - CVE-2016-2115
        Stefan Metzmacher of SerNet and the Samba Team
        discovered that SMB connections for IPC traffic are not
        integrity-protected.
    
      - CVE-2016-2118
        Stefan Metzmacher of SerNet and the Samba Team
        discovered that a man-in-the-middle attacker can
        intercept any DCERPC traffic between a client and a
        server in order to impersonate the client and obtain the
        same privileges as the authenticated user account."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2015-5370"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2016-2110"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2016-2111"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2015-0005"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2016-2112"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2016-2113"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2016-2114"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2016-2115"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2016-2118"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2016-2113"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2016-2114"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.samba.org/samba/latest_news.html#4.4.2"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.samba.org/samba/history/samba-4.2.0.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.samba.org/samba/history/samba-4.2.10.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/samba"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/samba"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2016/dsa-3548"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the samba packages.
    
    For the oldstable distribution (wheezy), these problems have been
    fixed in version 2:3.6.6-6+deb7u9. The oldstable distribution is not
    affected by CVE-2016-2113 and CVE-2016-2114.
    
    For the stable distribution (jessie), these problems have been fixed
    in version 2:4.2.10+dfsg-0+deb8u1. The issues were addressed by
    upgrading to the new upstream version 4.2.10, which includes
    additional changes and bugfixes. The depending libraries ldb, talloc,
    tdb and tevent required as well an update to new upstream versions for
    this update.
    
    Please refer to
    
      - https://www.samba.org/samba/latest_news.html#4.4.2
      - https://www.samba.org/samba/history/samba-4.2.0.html
    
      - https://www.samba.org/samba/history/samba-4.2.10.html
    
    for further details (in particular for new options and defaults).
    
    
    We'd like to thank Andreas Schneider and Guenther Deschner (Red Hat),
    Stefan Metzmacher and Ralph Boehme (SerNet) and Aurelien Aptel (SUSE)
    for the massive backporting work required to support Samba 3.6 and
    Samba 4.2 and Andrew Bartlett (Catalyst), Jelmer Vernooij and Mathieu
    Parent for their help in preparing updates of Samba and the underlying
    infrastructure libraries."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/04/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/14");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"libnss-winbind", reference:"2:3.6.6-6+deb7u9")) flag++;
    if (deb_check(release:"7.0", prefix:"libpam-smbpass", reference:"2:3.6.6-6+deb7u9")) flag++;
    if (deb_check(release:"7.0", prefix:"libpam-winbind", reference:"2:3.6.6-6+deb7u9")) flag++;
    if (deb_check(release:"7.0", prefix:"libsmbclient", reference:"2:3.6.6-6+deb7u9")) flag++;
    if (deb_check(release:"7.0", prefix:"libsmbclient-dev", reference:"2:3.6.6-6+deb7u9")) flag++;
    if (deb_check(release:"7.0", prefix:"libwbclient-dev", reference:"2:3.6.6-6+deb7u9")) flag++;
    if (deb_check(release:"7.0", prefix:"libwbclient0", reference:"2:3.6.6-6+deb7u9")) flag++;
    if (deb_check(release:"7.0", prefix:"samba", reference:"2:3.6.6-6+deb7u9")) flag++;
    if (deb_check(release:"7.0", prefix:"samba-common", reference:"2:3.6.6-6+deb7u9")) flag++;
    if (deb_check(release:"7.0", prefix:"samba-common-bin", reference:"2:3.6.6-6+deb7u9")) flag++;
    if (deb_check(release:"7.0", prefix:"samba-dbg", reference:"2:3.6.6-6+deb7u9")) flag++;
    if (deb_check(release:"7.0", prefix:"samba-doc", reference:"2:3.6.6-6+deb7u9")) flag++;
    if (deb_check(release:"7.0", prefix:"samba-doc-pdf", reference:"2:3.6.6-6+deb7u9")) flag++;
    if (deb_check(release:"7.0", prefix:"samba-tools", reference:"2:3.6.6-6+deb7u9")) flag++;
    if (deb_check(release:"7.0", prefix:"smbclient", reference:"2:3.6.6-6+deb7u9")) flag++;
    if (deb_check(release:"7.0", prefix:"swat", reference:"2:3.6.6-6+deb7u9")) flag++;
    if (deb_check(release:"7.0", prefix:"winbind", reference:"2:3.6.6-6+deb7u9")) flag++;
    if (deb_check(release:"8.0", prefix:"libnss-winbind", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libpam-smbpass", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libpam-winbind", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libparse-pidl-perl", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libsmbclient", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libsmbclient-dev", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libsmbsharemodes-dev", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libsmbsharemodes0", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libwbclient-dev", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"libwbclient0", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"python-samba", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"registry-tools", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"samba", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"samba-common", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"samba-common-bin", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"samba-dbg", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"samba-dev", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"samba-doc", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"samba-dsdb-modules", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"samba-libs", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"samba-testsuite", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"samba-vfs-modules", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"smbclient", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++;
    if (deb_check(release:"8.0", prefix:"winbind", reference:"2:4.2.10+dfsg-0+deb8u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/130773/CORE-2015-0005.txt
idPACKETSTORM:130773
last seen2016-12-05
published2015-03-11
reporterCore Security Technologies
sourcehttps://packetstormsecurity.com/files/130773/Windows-Pass-Through-Authentication-Methods-Improper-Validation.html
titleWindows Pass-Through Authentication Methods Improper Validation