Описание
DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input
DNN.PLATFORM allows a specially crafted series of malicious interaction can expose NTLM hashes to a third party SMB server. This vulnerability is fixed in 10.0.1.
Пакеты
Наименование
DNN.PLATFORM
nuget
Затронутые версииВерсия исправления
>= 6.0.0, < 10.0.1
10.0.1
Связанные уязвимости
CVSS3: 8.6
nvd
8 месяцев назад
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashes to a third party SMB server. This issue has been patched in version 10.0.1.