Rewterz Threat Advisory – CVE-2021-22661 – ICS:ProSoft Technology ICX35
February 26, 2021Rewterz Threat Advisory – Multiple NETGEAR R7800 Security Vulnerabilities
March 1, 2021Rewterz Threat Advisory – CVE-2021-22661 – ICS:ProSoft Technology ICX35
February 26, 2021Rewterz Threat Advisory – Multiple NETGEAR R7800 Security Vulnerabilities
March 1, 2021Severity
Medium
Analysis Summary
Microsoft Remote Desktop Web Access could allow a remote attacker to obtain sensitive information, caused by a timing-based authentication flaw. By attempting authentication and performing a timing based check against the provided username, an attacker could exploit this vulnerability to obtain usernames information, and use this information to launch further attacks against the affected system.
Impact
Information disclosure
Affected Vendors
Microsoft
Affected Products
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
Remediation
Refer to Microsoft advisory for the complete list of affected products and their respective patches.