Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Critical design flaw in Microsoft's Active Directory could allow password change

Critical design flaw in Microsoft's Active Directory could allow password change

2014/07/15

IDG News Service - (International) Researchers with Aorato identified a flaw within Microsoft's Active Directory which could allow attackers to change a victim's password and use the new password to access a company's network and enterprise functions. The vulnerability relies on the older NTLM authentication protocol to perform a "pass-the-hash" attack to gain access.

Source: http://www.pcworld.com/article/2454103/critical-design-flaw-in-active-directory-could-allow-for-a-password-change.html

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:20:57