Git for Windows leaks NTLM hash when cloning from an attacker-controlled server

Git for Windows is the Windows port of Git. Prior to 2.53.0(2), it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password. This vulnerability is fixed in 2.53.0(2).

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

信息暴露

Git for Windows 信息泄露漏洞

Git for Windows是Git的用于 Windows 的 Git。 Git for Windows 2.53.0(2)之前版本存在信息泄露漏洞，该漏洞源于可能诱骗用户克隆恶意服务器，导致攻击者暴力破解用户凭据。

N/A

N/A