Remote Authentication Flaw in Netwrix Account Lockout Examiner
CVE-2020-15931

7.5HIGH

Key Information:

Vendor: Netwrix
Status: Account Lockout Examiner
Vendor: CVE Published:; 20 October 2020

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2020-15931?

A vulnerability in Netwrix Account Lockout Examiner versions prior to 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator configured in the product. By triggering a Kerberos Pre-Authentication Failed event on a Domain Controller, unauthorized users can potentially exploit this weakness to gain sensitive authentication data, posing a risk to the security of IT environments.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2020-15931
Created by optiv

References

https://www.optiv.com/explore-optiv-insights/source-zero/...

x_refsource_MISC

https://www.netwrix.com/netwrix_reports_vulnerability_in_...

x_refsource_CONFIRM

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 20, 2020
🟡
Public PoC available
Jul 29, 2020
👾
Exploit known to exist
Jul 29, 2020
Vulnerability Reserved
Jul 24, 2020