Описание
Git for Windows is the Windows port of Git. Prior to 2.53.0(2), it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password. This vulnerability is fixed in 2.53.0(2).
EPSS
Процентиль: 10%
0.00033
Низкий
Связанные уязвимости
CVSS3: 7.4
nvd
20 дней назад
Git for Windows is the Windows port of Git. Prior to 2.53.0(2), it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password. This vulnerability is fixed in 2.53.0(2).
msrc
16 дней назад
Git for Windows leaks NTLM hash when cloning from an attacker-controlled server
EPSS
Процентиль: 10%
0.00033
Низкий