LM Challenge-Response Hash Always Sent in SMB AuthenticationThis vulnerability is an Authentication Bypass due to the consistent transmission of LM Challenge-Response hash during SMB authentication. The application failed to disable the LM hash in favor of the more secure NTLM hash, allowing attackers to perform offline attacks against weak LM hashes. The researcher discovered this by observing the network traffic during SMB authentication and identifying the presence of LM hashes, which should have been deprecated. The LM hash is susceptible to dictionary attacks, allowing attackers to crack passwords offline. The system's flawed configuration resulted in the consistent transmission of LM hashes, making it easier for attackers to perform offline attacks. This vulnerability could lead to account takeovers, unauthorized access, and data breaches. The researcher received $5,000 for this discovery. To prevent similar issues, it is crucial to disable the LM hash and ensure that only NTLM hashes are transmitted during SMB authentication. Key lesson: Always use stronger authentication mechanisms like NTLM over deprecated LM hashes. #BugBounty #Cybersecurity #WebSecurity #AuthenticationBypass #SMBhttps://hackerone.com/reports/3584491
