Full Disclosure mailing list archives
Stealing Windows Credentials Using Google Chrome
From: DefenseCode <defensecode () defensecode com>
Date: Tue, 16 May 2017 12:05:23 +0200
Hi, Attacks that leak authentication credentials using the SMB file sharing protocol on Windows OS are an ever-present issue, exploited in various ways but usually limited to local area networks. One of the rare research involving attacks over the internet was recently presented by Jonathan Brossard and Hormazd Billimoria at the Black Hat security conference in 2015. However, there have been no publicly demonstrated SMB authentication related attacks on browsers other than Internet Explorer and Edge in the past decade. This paper describes an attack which can lead to Windows credentials theft, affecting the default configuration of the most popular browser in the world today, Google Chrome, as well as all Windows versions supporting it. Full paper URL: http://www.defensecode.com/news_article.php?id=21 Regards, DefenseCode Team http://www.defensecode.com/ https://twitter.com/DefenseCode _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Stealing Windows Credentials Using Google Chrome DefenseCode (May 16)