"Hackers Can Exploit 'Forced Authentication' to Steal Windows NTLM Tokens"
"Hackers Can Exploit 'Forced Authentication' to Steal Windows NTLM Tokens"
Researchers have discovered a case of "forced authentication" that threat actors could exploit to leak a Windows user's NT LAN Manager (NTLM) tokens by tricking the victim into opening a specially crafted Microsoft Access file. The attack exploits a legitimate database management system solution feature that enables users to link to external data sources such as a remote SQL Server table. NTLM, a challenge-response authentication protocol introduced by Microsoft in 1993, is used to authenticate users during sign-in.