Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that request can be relayed (using a tool like responder) for code execution (or captured for hash cracking).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Github clash 访问控制错误漏洞
Vulnerability Description
Github clash是Go 中基于规则的隧道。 Github clash 存在安全漏洞,该漏洞源于通过嵌入恶意 iframe 页面到带有精心设计的 URL 的网站中,该 URL 将启动 Clash Windows 客户端并强制其打开远程 SMB 共享。Windows 将在打开 SMB 共享时执行 NTLM 身份验证,并且可以中继该请求(使用响应程序之类的工具)以执行代码(或捕获以进行哈希破解)。
CVSS Information
N/A
Vulnerability Type
N/A