Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.2
CVSSv3

CVE-2016-0049

Published: 10/02/2016 Updated: 30/10/2018
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.2 | Impact Score: 3.6 | Exploitability Score: 2.5
VMScore: 215
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Windows Server 2012

Vulnerability Summary

Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate password changes, which allows remote malicious users to bypass authentication by deploying a crafted Key Distribution Center (KDC) and then performing a sign-in action, aka "Windows Kerberos Security Feature Bypass."

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows server 2012 -

microsoft windows 8.1

microsoft windows 10 -

microsoft windows server 2012 r2

microsoft windows 10 1511

microsoft windows server 2008 r2

microsoft windows vista

microsoft windows 7

microsoft windows server 2008

Exploits

Exploit DB: Microsoft Windows - Kerberos Security Feature Bypass (MS16-014)
# Exploit Title: Windows Kerberos Security Feature Bypass # Date: 12-02-2016 # Exploit Author: Nabeel Ahmed # Tested on: Windows 7 Professional (x32/x64) # CVE : CVE-2016-0049 # Category: Local Exploit 1) Prerequisites: - Standard Windows 7 Fully patched and member of an existing domain - BitLocker enabled without PIN or USB key - Passwor ...
Exploit DB: Windows Kerberos Security Feature Bypass
Windows kerberos security feature bypass exploit that leverages the vulnerability discussed in MS16-014 ...

Github Repositories

https://github.com/JackOfMostTrades/bluebox

Automated Exploit Toolkit for CVE-2015-6095 and CVE-2016-0049

Note; this repository makes references to external repositories (known as Git submodules) After cloning this repository, please make sure to run the following commands to clone those submodules: git submodule init git submodule update BlueBox BlueBox is a collection of scripts and configurations for the automated exploitation of MS15-12

References

CWE-255https://www.exploit-db.com/exploits/39442/http://www.securitytracker.com/id/1034985http://packetstormsecurity.com/files/135797/Windows-Kerberos-Security-Feature-Bypass.htmlhttp://www.securityfocus.com/bid/82535https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-014https://nvd.nist.govhttps://github.com/JackOfMostTrades/blueboxhttps://www.exploit-db.com/exploits/39442/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionSSRFbuffer overflowCVE-2023-28952CVE-2023-41822CVE-2024-27956CVE-2023-7028CVE-2024-34447CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook