go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::

Date:
Font-stze:

CHANGING Inc. NHIServiSignAdapter Windows Versions - Information Leakage -2

TVN ID TVN-202012005
CVE ID CVE-2020-25846
CVSS 7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products CHANGING Inc. NHIServiSignAdapter for Windows 1.0.20.0218
Description The digest generation function of NHIServiSignAdapter has not been verified for source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential.
Solution Update to version 1.0.20.1109
Credit Angelboy (DEVCORE https://devco.re)
Public Date 2020-12-31
Top