Primary

Context

DNN.Platform NTLM Hash Leakage Vulnerability via SMB Interaction

Vulnerability

A vulnerability in DNN.Platform (formerly DotNetNuke) versions 6.0.0 prior to 10.0.1 allows a specially crafted series of interactions to potentially expose NTLM hashes to a third-party SMB server. This issue has been patched in version 10.0.1.

Impact

Exploitation of this vulnerability can lead to the unauthorized exposure of NTLM hashes, which could be used in NTLM relay attacks or to crack the hashes and obtain user credentials.

Remediation

Users can upgrade to DNN.Platform version 10.0.1 or later to address this vulnerability.

Added: Jun 21, 2025, 3:31 AM

Updated: Jun 21, 2025, 3:31 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.2

threat

0.6

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.2

threat

0.6

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

DNN.Platform NTLM Hash Leakage Vulnerability via SMB Interaction

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating