OS-WINDOWS -- Snort has detected traffic targeting vulnerabilities in a Windows-based operating system. This does not include browser traffic or other software on the OS, but attacks against the OS itself.
OS-WINDOWS Microsoft Windows malformed NTLMv2 authentication message attempt
This event is generated when there is an authentication bypass attempt via NTLMv2 relay attack. Impact: Attempted User Privilege Gain Details: Event is triggered upon a malicious NTLMv2 Challenge sent from a proxy to a client machine in an attempt to steal a valid session key. This will allow the relayer to use the stolen session key to recalculate MIC and authenticate to the target server. Ease of Attack:
No information provided
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
CVE-2019-1019 |
Loading description
|