PT-2024-1126 · Microsoft · Windows+1

Michael Grafnetter

Published

2024-01-09

Updated

2024-05-29

CVE-2024-20692

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Microsoft Local Security Authority Subsystem Service (affected versions not specified)

Description The issue is related to a lack of protection for service data in the Local Security Authority Subsystem Service (LSASS) of the Windows operating system. Exploitation of this issue may allow a remote attacker to disclose protected information. It is possible for network secrets to be stolen from LSASS by convincing or waiting for a user to connect to an Active Directory Domain Controller, potentially through a man-in-the-middle (MITM) attack.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Inadequate Encryption Strength

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-326CWE-668

Related Identifiers

BDU:2024-00410

CVE-2024-20692

Affected Products

Lsass

Windows

PT-2024-1126 · Microsoft · Windows+1

CVE-2024-20692

Weakness Enumeration

Related Identifiers

Affected Products

References · 9