SonicWall SSO-Agent Default Configuration Vulnerability: Password Hash Capture and Firewall Bypass

SonicWall SSO-Agent Default Configuration Vulnerability: Password Hash Capture and Firewall Bypass

CVE-2020-5148 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewall access controls.

Learn more about our Api Penetration Testing.