H3-2021-0034
LLMNR Poisoning Possible
Category | SECURITY_MISCONFIGURATION |
Base Score | 7.0 |
Description
Link-Local Multicast Name Resolution (LLMNR) is one of two components of Microsoft Windows machines that serve as alternate methods of host identification. An attacker can spoof a reply as an authoritative source to a victim request and capture the credential information passed over the network. Credential information can be captured in hashed or plaintext format.
Impact
A captured hash credential can be cracked offline to discover the plaintext password for reuse on other systems or the hash can be relayed and used to access other systems as well. Likewise, a captured plaintext credential can be immediately used to access other systems.