SonicWall SSO-Agent Default Configuration Vulnerability: Password Hash Capture and Firewall Bypass
CVE-2020-5148 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewall access controls.
Learn more about our Api Penetration Testing.