IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/177069/IBM-i-Access-Client-Solutions-Remote-Credential-Theft.html | Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2024/Feb/7 | Mailing List Third Party Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/279091 | VDB Entry |
https://www.ibm.com/support/pages/node/7116091 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: ibm
Published: 2024-02-09T00:26:52.792Z
Updated: 2024-07-05T17:20:50.931Z
Reserved: 2024-01-08T23:41:52.508Z
Link: CVE-2024-22318
JSON object: View
NVD Information
Status : Modified
Published: 2024-02-09T01:15:09.440
Modified: 2024-04-03T02:15:07.823
Link: CVE-2024-22318
JSON object: View
Redhat Information
No data.
CWE