Remote NTLM Hash Theft and SMB Relay Attacks in Druide Antidote RX, HD, 8, 9, and 10

CVE-2019-9565 · MEDIUM severity

CVSS v2 vector: AV:N/AC:L/AU:N/C:P/I:P/A:N

Druide Antidote RX, HD, 8 before 8.05.2287, 9 before 9.5.3937 and 10 before 10.1.2147 allows remote attackers to steal NTLM hashes or perform SMB relay attacks upon a direct launch of the product, or upon an indirect launch via an integration such as Chrome, Firefox, Word, Outlook, etc. This occurs because the product attempts to access a share with the PLUG-INS subdomain name; an attacker may be able to use Active Directory Domain Services to register that name.
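The advisory's precondition is that an attacker-controlled host manages to register the PLUG-INS name in the organisation's DNS, so that the product's share access is steered to it. The following PowerShell is an added defender-side check and mitigation, not code from Druide or from the advisory: it tests whether that name currently resolves under the domain's DNS suffix, and whether the Windows DNS Server Global Query Block List (the same mechanism that already neutralises squatting on the wpad and isatap names) is stopping answers for it. It assumes a domain-joined Windows host with the DnsClient module, and for the block-list part the DnsServer module on a DNS server or domain controller; the function and variable names, and the choice of `$env:USERDNSDOMAIN` as the suffix, are assumptions of this example.

```powershell
# Added example for CVE-2019-9565 (not Druide's or the advisory's code).
# Assumes: DnsClient module for Resolve-DnsName; DnsServer module (run
# elevated on a Windows DNS server / DC) for the block-list functions.
# All function and variable names below are hypothetical.

# Label the product tries to reach; 'plug-ins' is taken from the advisory.
$SuspectLabel = 'plug-ins'

function Test-PlugInsNameExposure {
    param(
        # DNS suffix under which the product's lookup would resolve; assumed
        # to be the machine's AD DNS domain unless overridden.
        [string]$DnsSuffix = $env:USERDNSDOMAIN
    )
    $fqdn = "$SuspectLabel.$DnsSuffix"

    # 1. Does the name resolve? An A/AAAA record nobody administered is the
    #    sign that something registered it (for example via dynamic update),
    #    which is the precondition the advisory describes.
    $records = Resolve-DnsName -Name $fqdn -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -in 'A', 'AAAA' }

    # 2. Is the label on the DNS server's Global Query Block List? Names on
    #    an enabled list are not answered even if a record for them exists.
    $gqbl = $null
    if (Get-Command Get-DnsServerGlobalQueryBlockList -ErrorAction SilentlyContinue) {
        $gqbl = Get-DnsServerGlobalQueryBlockList
    }
    $blocked = $gqbl -and $gqbl.Enable -and ($gqbl.List -contains $SuspectLabel)

    [pscustomobject]@{
        Name        = $fqdn
        Resolves    = [bool]$records
        ResolvedTo  = ($records | ForEach-Object IPAddress) -join ','
        InBlockList = [bool]$blocked
        # Exposed: an answer is served and nothing on the server stops it.
        Exposed     = ([bool]$records) -and -not $blocked
    }
}

function Add-PlugInsToBlockList {
    # Mitigation on the Windows DNS server: add the label to the block list
    # so the server stops answering for it regardless of what gets registered.
    # Set-DnsServerGlobalQueryBlockList replaces the whole list, so the
    # existing entries (wpad, isatap by default) are carried over explicitly.
    $current = Get-DnsServerGlobalQueryBlockList
    if ($current.List -notcontains $SuspectLabel) {
        Set-DnsServerGlobalQueryBlockList -List ($current.List + $SuspectLabel) -Enable $true
    }
}

# Report the current state; call Add-PlugInsToBlockList separately once the
# output has been reviewed.
Test-PlugInsNameExposure | Format-List
```

The block list only helps where Windows DNS Server answers the clients' queries; with another resolver the equivalent sinkhole must be configured there. Because the product can also reach the share through integrations (Chrome, Firefox, Word, Outlook), the DNS control should be paired with blocking outbound SMB (TCP 445) at the network edge and with updating to the fixed builds listed above.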
