FortiClient Vulnerability

Druide Antidote CVE-2019-9565 Information Disclosure Vulnerability

Description

Druide Antidote 8 before 8.05.2287, 9 before 9.5.3937 and 10 before 10.1.2147 allows remote attackers to steal NTLM hashes or perform SMB relay attacks upon a direct launch of the product, or upon an indirect launch via an integration such as Chrome, Firefox, Word, Outlook, etc. This occurs because the product attempts to access a share with the PLUG-INS subdomain name; an attacker may be able to use Active Directory Domain Services to register that name.

Affected Applications

Antidote

CVE References

CVE-2019-9565

Other References

https://www.gosecure.net/blog/2019/02/20/abusing-unsafe-defaults-in-active-directory/

ID	2440
Created	Oct 27, 2021
Description Updated	Nov 07, 2023
Risk
Coverage	FortiClient
OS	Windows
Vendor	Druide
Patch	manual
Application	Antidote

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

FortiClient Vulnerability

Druide Antidote CVE-2019-9565 Information Disclosure Vulnerability

Description

Affected Applications

CVE References

Other References

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

FortiClient Vulnerability

Druide Antidote CVE-2019-9565 Information Disclosure Vulnerability

Description

Affected Applications

CVE References

Other References

Threat Intelligence
Center