Unknown · S3 Browser · CVE-2018-20298
**Name of the Vulnerable Software and Affected Versions**
S3 Browser versions prior to 8.1.5
**Description**
The issue is related to an XML external entity (XXE) vulnerability in the S3 protocol, which is based on HTTP. This vulnerability allows remote attackers to read arbitrary files and obtain NTLMv2 hash values by tricking a user into connecting to a malicious server. The exploitation of this vulnerability can enable a remote attacker to view files and obtain user NTLMv2 hash values by masquerading as a legitimate server.
**Recommendations**
For versions prior to 8.1.5, update to version 8.1.5 or later to resolve the issue.