![]() ![]() In this case, remote execution of JavaScript can be achieved by referencing the script in an SMB share as the source of an iframe tag, for example: and then replying to it," the researchers explain. "In the Windows operative system, the CSP fails to prevent remote inclusion of resources via the SMB protocol. In their blog post, the researchers also indicated that an attacker could even include files from a remote SMB share using an HTML iFrame, which can be abused to steal NTLMv2 hashed password for Windows users. This hack literally defeats the purpose of an end-to-end encrypted messaging app, allowing remote attackers to easily get the hold on users' plain-text conversations without breaking the encryption.Īttackers Could Possibly Steal Windows Password As Well Join our webinar and learn how to stop ransomware attacks in their tracks with real-time MFA and service account protection. Learn to Stop Ransomware with Real-Time Protection
0 Comments
Leave a Reply. |