After configuring Connect Before Logon on Windows, the following message is displayed on the log file: (03/03 10:26:11) [VULNERABILITY:Credential Exposure] --- (03/03 10:26:11) Connecting to the server and verifying credentials --- Information> Credential> username> password1> password2> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information>
Windows 10 - CVE-2017-0030
After configuring Connect Before Logon on Windows, the following message is displayed on the log file:
(03/03 10:26:11) [VULNERABILITY:Credential Exposure] --- (03/03 10:26:11) Connecting to the server and verifying credentials --- Information> Credential> username> password1> password2> Information> Information> Information> Information> Information> Information> Information> Information> Information> __Information_ - _____Information_ - ____Information_ - _______Information_ - __________information___ - ________information_ - __________information______- ________________information-- information
- INFORMATION
References:
However, the vulnerability is not limited to just Windows systems. Other operating systems such as Linux and Solaris are also affected.
Vulnerability: Credential Exposure
A credential exposure vulnerability exists in Microsoft Windows. If you enable Connect Before Logon on a Windows system, an attacker could connect to the system without having to provide valid credentials.
Windows 10, version 1703
The Microsoft Windows 10, version 1703 update contains a vulnerability in the Connect Before Logon feature that can allow a remote attacker to steal credentials of a logged-in user.
Timeline
Published on: 02/10/2022 18:15:00 UTC
Last modified on: 02/17/2022 16:01:00 UTC