Back to search
CVE-2022-24581
Published: May 27, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://aceware.com
x_refsource_MISC
http://aceweb.com
x_refsource_MISC
https://www.aceware.com/forum/viewtopic.php?f=7&t=481
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now