Dradis Net-NTLM Hash Theft Vulnerability

Vulnerability

A vulnerability in Dradis versions through 4.16.0 allows authenticated users to reference external images over HTTPS, instead of using embedded images. This flaw can be exploited to steal Net-NTLM hashes from other users on a Windows domain network.

Impact

Exploitation of this vulnerability allows for the theft of Net-NTLM authentication hashes from users within the same Windows domain network.

Reproduction

To reproduce this vulnerability, an authenticated user can upload or insert a remote image into a Dradis project. When the issue or evidence is rendered, the viewing user's browser automatically requests the image from the specified URL. If the URL points to an attacker-controlled server, that server can capture the viewing user's Net-NTLM hash, because the authentication request is sent silently from the user's machine.
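A defender-side check for the rendering behaviour described above, as an added example (not Dradis code and not part of the original advisory): it scans text fields for image references that point to hosts outside an allowlist. It assumes the fields hold Textile markup or raw HTML; the allowlisted host name, record ids and sample text are constructed.

```ruby
require 'uri'

# Hosts allowed to serve images (hypothetical allowlist for this example).
# With an empty list, every absolute image URL is reported.
ALLOWED_IMAGE_HOSTS = ['dradis.internal.example'].freeze

# Textile image: !url!, !url(alt text)!, optionally with >, < or = alignment.
TEXTILE_IMG = /!(?:[<>=])?((?:https?:)?\/\/[^\s!()]+)(?:\([^)]*\))?!/i
# Raw HTML image tag with an absolute or protocol-relative src.
HTML_IMG = /<img\b[^>]*\bsrc\s*=\s*["']?((?:https?:)?\/\/[^\s"'>]+)/i

# Returns the image URLs in one text field whose host is not allowlisted.
def external_image_refs(text, allowed = ALLOWED_IMAGE_HOSTS)
  urls = text.scan(TEXTILE_IMG).flatten + text.scan(HTML_IMG).flatten
  urls.uniq.reject do |url|
    host = begin
      # Protocol-relative URLs get a scheme so URI can extract the host.
      URI.parse(url.sub(%r{\A//}, 'https://')).host
    rescue URI::InvalidURIError
      nil # unparseable URL: keep it in the report
    end
    host && allowed.include?(host.downcase)
  end
end

# Scans a hash of record id => field text; returns only records with findings.
def audit_records(records, allowed = ALLOWED_IMAGE_HOSTS)
  records.each_with_object({}) do |(id, text), findings|
    refs = external_image_refs(text, allowed)
    findings[id] = refs unless refs.empty?
  end
end

# Constructed sample content, not taken from a real project.
SAMPLE_RECORDS = {
  'issue-1'    => 'See screenshot !https://files.example.net/shot.png(login page)!',
  'evidence-7' => 'Embedded only: !/uploads/proof.png!',
  'issue-3'    => '<img src="//cdn.example.org/a.gif"> and ' \
                  '!>https://dradis.internal.example/logo.png!'
}.freeze

if __FILE__ == $PROGRAM_NAME
  audit_records(SAMPLE_RECORDS).each { |id, refs| puts "#{id}: #{refs.join(', ')}" }
end
```

Relative image paths are ignored because they resolve to the same host that serves the page; only absolute and protocol-relative URLs trigger a request to another server.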

Added: Jul 5, 2025, 4:17 AM
Updated: Jul 5, 2025, 4:17 AM

Vulnerability Rating

Custom Algorithm
spread: 1.9
impact: 2.5
exploitability: 6.3
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.