08 February 2024 New ACS vulnerability through NTLM protocol activation (08/02/2024)

Hello everyone, here is a new security bulletin concerning IBM i Access Client Solutions (ACS).
The platform-independent interface is vulnerable to the theft of remote credentials when NTLM is enabled on Windows workstations.

NTLM (New Technology LAN Manager) is a suite of Microsoft security protocols designed to ensure user authentication, integrity and confidentiality. It is also the successor to the Microsoft LAN Manager (LANMAN) authentication protocol, a former Microsoft product.

Although NTLM is considered an old protocol, it is still used in many environments and is still supported by modern Windows operating systems. However, as with any old protocol, it is now exposed to relay attacks, and some passwords can easily be brute-forced using modern hardware, which makes this protocol unreliable.

Enabling NTLM on ACS therefore makes it vulnerable to remote data theft (CVE-2024-22318).
Since ACS allows UNC (Universal Naming Convention) paths in its configuration files, a path that is modified to point to a hostile server exposes the NTLM hash during authentication: the Windows system attempts to authenticate using the current user's session, and the hostile server can capture the NTLM hashed information. (For more information: https://lnkd.in/dfBVbir3)
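A defensive check for the UNC-path issue described above, as an added example (not IBM's code and not part of the original bulletin): it scans configuration text for UNC paths, including the doubled-backslash form used by Java `.properties` files, and reports every host that is not on an allowlist. The allowlist, the sample key names and the directory passed on the command line are assumptions.

```python
import re
import sys
from pathlib import Path

# Assumption: site-specific list of file servers that configs may reference.
ALLOWED_HOSTS = frozenset({"fileserver01.corp.example"})

# Matches \\host\share as written raw, or \\\\host\\share as escaped in Java
# .properties files. The lookbehind rejects escaped local paths such as
# C:\\Users\\alice, where the doubled backslash follows a colon or a name.
UNC_RE = re.compile(r"(?<![\w:\\])(?:\\\\){1,2}([^\\/\s]+)\\{1,2}[^\\\s]")


def find_unc_hosts(text):
    """Return (line_number, host) for every UNC path found in text."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        for match in UNC_RE.finditer(line):
            hits.append((number, match.group(1).lower()))
    return hits


def audit(text, allowed=ALLOWED_HOSTS):
    """Return only the UNC references whose host is not allow-listed."""
    return [(n, host) for n, host in find_unc_hosts(text) if host not in allowed]


def audit_tree(root, allowed=ALLOWED_HOSTS):
    """Audit every readable file under root; returns (path, line, host)."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            text = path.read_text(encoding="utf-8", errors="ignore")
            findings += [(str(path), n, h) for n, h in audit(text, allowed)]
    return findings


# Constructed sample; the key names are hypothetical, not real ACS settings.
SAMPLE = "\n".join([
    r"# constructed sample configuration",
    r"export.dir=\\\\fileserver01.corp.example\\exports",
    r"profile.path=\\\\203.0.113.7\\share\\session.hod",
    r"local.dir=C:\\Users\\alice\\acs",
    r"keymap=\\FILESERVER01.corp.example\maps\default.kmp",
])

if __name__ == "__main__":
    # Usage: python audit_unc.py <directory holding the ACS configuration>
    results = audit_tree(sys.argv[1]) if len(sys.argv) > 1 else audit(SAMPLE)
    for finding in results:
        print("UNC path to non-allow-listed host:", finding)
```

A host written with a port or WebDAV suffix (for example `host@80`) does not match the allowlist and is reported, so the check fails closed.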

This flaw has a CVSS base score of 5.1, and as a security measure we strongly advise you to disable NTLM on workstations. See you soon!
