← Back

CVE-2016-3352

nvd nist
Published: Sep 14, 2016Modified: May 6, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Microsoft Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 do not properly check NTLM SSO requests for MSA logins, which makes it easier for remote attackers to determine passwords via a brute-force attack on NTLM password hashes, aka "Microsoft Information Disclosure Vulnerability."

Affected (5)

Microsoft
3 products
Windows 10
Windows 8.1
Windows Rt 8.1
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Windows 10
All versions
Windows 10
Version 1511
Windows 10
Version 1607
Windows 8.1
All versions
Windows Rt 8.1
All versions

Related CWEs

CWE-285
Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (6)

Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.