Authentication, LAN and Reference

Authentication

LAN

Reference

Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391)

Tenable

FEBRUARY 11, 2025

A local, authenticated attacker could exploit this vulnerability to elevate to SYSTEM level privileges. A local, authenticated attacker could exploit this vulnerability to delete files from a system. Exploitation would allow an attacker to obtain a user's NTLMv2 hash, which could then be used to authenticate as that user.

Windows

Windows Authentication Azure Storage

Microsoft’s September 2023 Patch Tuesday Addresses 61 CVEs (CVE-2023-36761)

Tenable

SEPTEMBER 12, 2023

Successful exploitation of this flaw would allow for the disclosure of New Technology LAN Manager (NTLM) hashes. Successful exploitation of these vulnerabilities requires an attacker to authenticate with LAN-access and have valid credentials for an Exchange user. Each of these vulnerabilities were given CVSSv3 scores of 8.0

LAN

LAN Windows 3D Azure

Join 49,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Trending Sources

CVE-2020-27125, CVE-2020-27130, CVE-2020-27131: Pre-Authentication Vulnerabilities in Cisco Security Manager Disclosed

Tenable

NOVEMBER 17, 2020

As part of his PoC release for CVE-2020-27131, Hauser included a reference to TRA-2017-23 , a vulnerability disclosure from Tenable’s Zero Day Research team from 2017 regarding a deserialization remote code execution vulnerability in Cisco Security Manager and Cisco Prime LAN Management Solution. Proof of concept.

Authentication

Authentication LAN Firewall Research

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Microsoft’s February 2024 Patch Tuesday Addresses 73 CVEs (CVE-2024-21351, CVE-2024-21412)

Tenable

FEBRUARY 13, 2024

Successful exploitation of this flaw would allow an attacker to relay a New Technology LAN Manager Version 2 (NTLMv2) hash against a vulnerable server. In order to exploit this flaw, an attacker would need to be authenticated with LAN-access and have a valid login for an Exchange user.

LAN

LAN Windows Azure Internet

The Cable Security Experience

CableLabs

AUGUST 31, 2020

They may attack a customer premises equipment (CPE) device from the network side of the service, typically referred to as the wide area network (WAN) side. They may attack the CPE device from the home network side, or the local area network (LAN) side. These tools are authentication, encryption, and message hashing.

Technical Review

Technical Review Authentication Architecture Network

Microsoft’s August 2024 Patch Tuesday Addresses 88 CVEs

Tenable

AUGUST 13, 2024

and could be abused by an authenticated attacker to bypass server-side request forgery (SSRF) protections in order to leak potentially sensitive information. For more information on this vulnerability, please refer to Tenable Research Advisories TRA-2024-27 and TRA-2024-28 , as well as our blog post.

IPv6

IPv6 Windows Azure LAN

Microsoft’s October 2023 Patch Tuesday Addresses 103 CVEs (CVE-2023-36563, CVE-2023-41763)

Tenable

OCTOBER 10, 2023

Successful exploitation could lead to the disclosure of New Technology LAN Manager (NTLM) hashes. To combat this, we recommend reviewing the suggestions from this Cybersecurty and Infrastructure Security Agency (CISA) blog post and the Tenable whitepaper, Password, Authentication and Web Best Practices. and is rated as important.

Windows

Windows Software Review Azure Systems Review

False Base Station or IMSI Catcher: What You Need to Know

CableLabs

OCTOBER 23, 2019

All four of these terminologies refer to a tool consisting of hardware and software that allow for passive and active attacks against mobile subscribers over radio access networks (RANs). The attacking tool (referred to as FBS hereafter) exploits security weaknesses in mobile networks from 2G (second generation) to 3G, 4G and 5G.

Software Review

Software Review Wireless Mobile LAN

Towards a Reliable Device Management Platform

Netflix Tech

AUGUST 30, 2021

On the RAE, there exists a service called the Local Registry, which is responsible for detecting, onboarding, and maintaining information about all devices connected to the LAN side of the RAE. Thus, the implemented solution must integrate with Netflix Spring facilities for authentication and metrics support at the very minimum?—?the

Software Review

Software Review Systems Review Windows Testing

Airport Technology Management: Operations, Software Solutions and Vendors

Altexsoft

OCTOBER 15, 2018

AODB functions include: Reference-data processing. These services require biometric authentication and integration into government systems to allow a customs officer to view the status of a passenger. Information is distributed through the airport radio system, or displayed on a PC connected via the airport LAN or on mobile devices.

Software Review

Software Review Software Technical Review Technology

Ivanti Product Update - October 2022

Ivanti

OCTOBER 25, 2022

Bandwidth utilization in the Agent Policy manages network performance by allowing users to set the percentage of WAN/LAN bandwidth to be used when downloading patch content packages from Ivanti Neurons. Refer to the Ivanti Neurons Patch for MEM 2022.4 Enabled default domains and remote authentication. iOS/iPadOS 16/macOS 13.

Software Review

Software Review Windows Systems Review Development Team Review

Microsoft’s January 2025 Patch Tuesday Addresses 157 CVEs (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)

Tenable

JANUARY 14, 2025

An authenticated, local attacker could exploit this vulnerability to elevate privileges to SYSTEM. Microsoft has provided a list of mitigations including disabling New Technology LAN Manager (NTLM) or using group policy to block NTLM hashes. For more information on the mitigation guidance, please refer to the Microsoft advisory.

Windows

Windows LAN Authentication Azure

CTO Universe

Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391)

Microsoft’s September 2023 Patch Tuesday Addresses 61 CVEs (CVE-2023-36761)

Webinars

Trending Sources

CVE-2020-27125, CVE-2020-27130, CVE-2020-27131: Pre-Authentication Vulnerabilities in Cisco Security Manager Disclosed

Webinars

Microsoft’s February 2024 Patch Tuesday Addresses 73 CVEs (CVE-2024-21351, CVE-2024-21412)

The Cable Security Experience

Microsoft’s August 2024 Patch Tuesday Addresses 88 CVEs

Microsoft’s October 2023 Patch Tuesday Addresses 103 CVEs (CVE-2023-36563, CVE-2023-41763)

False Base Station or IMSI Catcher: What You Need to Know

Towards a Reliable Device Management Platform

Airport Technology Management: Operations, Software Solutions and Vendors

Ivanti Product Update - October 2022

Microsoft’s January 2025 Patch Tuesday Addresses 157 CVEs (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)

Stay Connected