Skip to content

H3-2020-0012

LLMNR/NBT-NS Poisoning Possible

Category SECURITY_MISCONFIGURATION
Base Score 7.0

Description

Link-Local Multicast Name Resolution (LLMNR) and Netbios Name Service (NBT-NS) are two components of Microsoft Windows machines that serve as alternate methods of host identification. An attacker can spoof a reply as an authoritative source to a victim request and capture the credential information passed over the network. Credential information can be captured in hashed or plaintext format.

Impact

A captured hash credential can be cracked offline to discover the plaintext password for reuse on other systems. Likewise, a captured plaintext credential can be immediately used to access other systems.

References