NetNTLM Hash Leakage Vulnerability in PortSwigger Burp Suite

NetNTLM Hash Leakage Vulnerability in PortSwigger Burp Suite

CVE-2021-29416 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious request, it can be manipulated into issuing a request that does not respect its upstream proxy configuration. This could leak NetNTLM hashes on Windows systems that fail to block outbound SMB.

Learn more about our Web Application Penetration Testing UK.