"Hackers Can Exploit 'Forced Authentication' to Steal Windows NTLM Tokens"

Researchers have discovered a case of "forced authentication" that threat actors could exploit to leak a Windows user's NT LAN Manager (NTLM) tokens by tricking the victim into opening a specially crafted Microsoft Access file. The attack exploits a legitimate feature of the database management system that lets users link to external data sources, such as a remote SQL Server table. NTLM, a challenge-response authentication protocol introduced by Microsoft in 1993, is used to authenticate users during sign-in. Over the years, it has been found to be vulnerable to brute-force, pass-the-hash, and relay attacks. This article continues to discuss the possible exploitation of forced authentication that could allow hackers to steal NTLM tokens.

THN reports "Hackers Can Exploit 'Forced Authentication' to Steal Windows NTLM Tokens"

Submitted by grigby1

Submitted by Gregory Rigby on