CVE-2022-34704 - Cleartext Transmission of Sensitive Information

Severity: 55%

Complexity: 18%

Confidentiality: 60%

Windows Defender Credential Guard Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34710, CVE-2022-34712.

CVSS 3.1 Base Score 5.5. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

CVSS 3.1 Base Score 4.7. CVSS Attack Vector: local. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).

Demo Examples

Cleartext Transmission of Sensitive Information

CWE-319

The following code (the CWE-319 demonstrative example) attempts to establish a connection to a site to communicate sensitive information.

```java
try {
    // Plain http://, so the request body is readable to anyone on the path.
    URL u = new URL("http://www.secret.example.org/");
    HttpURLConnection hu = (HttpURLConnection) u.openConnection();
    hu.setRequestMethod("PUT");
    hu.connect();
    OutputStream os = hu.getOutputStream();
    hu.disconnect();
}
catch (IOException e) {
    //...
}
```

Though a connection is successfully made, the connection is unencrypted and it is possible that all sensitive data sent to or received from the server will be read by unintended actors.
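As an added example (not code from the page or from CWE), the check below is what the sender side should do before putting sensitive data on the wire: reject any URL whose scheme does not encrypt the channel, and build a client TLS context that verifies the peer, since encryption without certificate verification still lets an on-path party read the traffic by terminating the connection themselves. The scheme lists, helper names and sample URLs are constructed for illustration; no connection is made.

```python
"""Refuse to send sensitive data over an unencrypted transport (CWE-319).

Added example, not code from the original page. The policy function,
scheme lists and sample URLs below are constructed for illustration.
"""
import ssl
from urllib.parse import urlsplit

# Schemes that carry application data in the clear (constructed list).
CLEARTEXT_SCHEMES = {"http", "ftp", "ws", "telnet", "ldap"}
# Schemes that encrypt the channel end to end (constructed list).
ENCRYPTED_SCHEMES = {"https", "ftps", "wss", "ldaps"}


def transport_is_encrypted(url: str) -> bool:
    """True only for URLs whose scheme encrypts the channel.

    Unknown or missing schemes fail closed: if we cannot tell, we do not send.
    """
    scheme = urlsplit(url).scheme.lower()
    if scheme in ENCRYPTED_SCHEMES:
        return True
    if scheme in CLEARTEXT_SCHEMES or scheme == "":
        return False
    return False


def require_encrypted(url: str) -> str:
    """Return the URL unchanged if it may carry sensitive data, else raise.

    There is deliberately no silent http -> https rewrite: a caller that
    wrote http:// may be talking to a host with no TLS listener, and a
    rewrite would hide the defect instead of surfacing it.
    """
    if not transport_is_encrypted(url):
        raise ValueError(f"refusing to send sensitive data over cleartext: {url}")
    return url


def hardened_tls_context() -> ssl.SSLContext:
    """Client TLS context that actually verifies the peer certificate."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Hostname checking and CERT_REQUIRED are already the defaults of
    # create_default_context(); they are re-asserted so that a later
    # "fix" which disables verification is caught at startup.
    assert ctx.check_hostname is True
    assert ctx.verify_mode == ssl.CERT_REQUIRED
    return ctx


def context_verifies_peer(ctx: ssl.SSLContext) -> bool:
    """Self-check usable from a test or a service's startup routine."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


if __name__ == "__main__":
    # Constructed sample URLs; nothing is sent anywhere.
    for sample in ("http://www.example.org/api/secret",
                   "https://www.example.org/api/secret"):
        try:
            print("OK      ", require_encrypted(sample))
        except ValueError as err:
            print("REJECTED", err)
    print("context verifies peer:", context_verifies_peer(hardened_tls_context()))
```

The policy is applied at the point where the sensitive payload is about to be sent, not in a linter, so that a URL assembled at runtime from configuration is covered too.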

Demo Examples

Observable Discrepancy

CWE-203

The following code (the CWE-203 demonstrative example) checks the validity of the supplied username and password and notifies the user of a successful or failed login.

```perl
my $username = param('username');
my $password = param('password');

if (IsValidUsername($username) == 1)
{
    if (IsValidPassword($username, $password) == 1)
    {
        print "Login Successful";
    }
    else
    {
        # Reached only when the username exists: this message confirms it.
        print "Login Failed - incorrect password";
    }
}
else
{
    print "Login Failed - unknown username";
}
```

In the above code, there are different messages for when an incorrect username is supplied, versus when the username is correct but the password is wrong. This difference enables a potential attacker to understand the state of the login function, and could allow an attacker to discover a valid username by trying different values until the incorrect password message is returned. In essence, this makes it easier for an attacker to obtain half of the necessary authentication credentials.

While this type of information may be helpful to a user, it is also useful to a potential attacker. In the above example, the message for both failed cases should be the same, such as:

"Login Failed - incorrect username or password"
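As an added example (not code from the page or from CWE), here is the same login check written both ways in Python. The hardened version returns one failure message, compares password hashes in constant time, and performs the same amount of hashing work whether or not the username exists, because once the messages are unified the response time would otherwise leak the same bit. The user table, salt, iteration count and helper names are constructed for illustration.

```python
"""Login check that does not reveal whether a username exists (CWE-203).

Added example, not code from the original page. The user table, hashing
parameters and helper names are constructed for illustration.
"""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000  # constructed value; tune for the deployment
GENERIC_FAILURE = "Login Failed - incorrect username or password"


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


# Constructed sample user table: username -> (salt, pbkdf2 hash).
_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
USERS = {"alice": (_SALT, hash_password("correct horse battery staple", _SALT))}

# Throwaway record used for unknown usernames so that the "unknown user"
# path does the same hashing work as the "known user" path. The random
# expected value can never match a real hash.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = os.urandom(32)


def login_leaky(username: str, password: str) -> str:
    """Shape of the original snippet: three distinguishable outcomes."""
    record = USERS.get(username)
    if record is None:
        return "Login Failed - unknown username"      # confirms the user does not exist
    salt, expected = record
    if hash_password(password, salt) == expected:     # early-exit comparison
        return "Login Successful"
    return "Login Failed - incorrect password"        # confirms the user does exist


def login_uniform(username: str, password: str) -> str:
    """Hardened: one failure message, constant-time compare, uniform work."""
    salt, expected = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    candidate = hash_password(password, salt)          # always computed
    # compare_digest's running time does not depend on where the inputs differ.
    matches = hmac.compare_digest(candidate, expected)
    if matches and username in USERS:
        return "Login Successful"
    return GENERIC_FAILURE


if __name__ == "__main__":
    for user, pw in (("alice", "wrong"), ("bob", "wrong"), ("alice", "correct horse battery staple")):
        print(f"{user:6} leaky  : {login_leaky(user, pw)}")
        print(f"{user:6} uniform: {login_uniform(user, pw)}")
```

Unifying the message alone is not enough: `login_leaky` also skips the expensive hash for unknown users, so its response time distinguishes the two failure cases even if both printed the same string. The uniform version removes both channels.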

Observable Discrepancy

CWE-203

Non-uniform processing time causes timing channel.

Suppose a hardware IP block that implements an encryption routine is functionally correct, but the time it takes to output the result depends on some relationship between the input plaintext and the key (for example, it runs much faster when the plaintext is similar to the key).

In this setting, an attacker can vary the inputs and, from the observed differences in processing time (different plaintexts take different amounts of time), infer information about the key.

If the processing time genuinely differs between plaintexts, artificial delays can be introduced so that every plaintext takes the same total time to execute, even though the internal work differed.
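As an added example (not code from the page), the helper below applies the artificial-delay mitigation described above to any operation: it runs the routine, then sleeps until a fixed deadline so the caller-visible latency is the same for every input, and reports when the work overran the budget, which is the case the padding cannot hide. The "encryption routine" is a constructed stand-in whose running time depends on how many plaintext bytes equal the key bytes, mirroring the hardware example; the budget value is an assumption.

```python
"""Padding a data-dependent operation to a fixed time budget (CWE-203).

Added example, not code from the original page. The toy routine below is
constructed to have input-dependent timing; the budget is an assumption.
"""
import time


def variable_time_routine(plaintext: bytes, key: bytes) -> bytes:
    """Constructed stand-in for the hardware IP in the text.

    XORs the data with the key, but does extra work only for bytes that
    differ from the key, so the run time reveals how similar the two are.
    """
    out = bytearray()
    for p, k in zip(plaintext, key):
        if p != k:
            for _ in range(2000):   # constructed data-dependent busy work
                pass
        out.append(p ^ k)
    return bytes(out)


def run_with_fixed_budget(fn, budget_s: float, *args):
    """Run fn(*args) and return (result, overran, elapsed_s).

    The call always takes at least budget_s seconds of wall-clock time as
    seen by the caller. If the work itself took longer than the budget,
    overran is True: the padding failed to mask the timing and the budget
    must be raised to cover the worst case, otherwise slow inputs still
    stand out.
    """
    start = time.monotonic()
    deadline = start + budget_s
    result = fn(*args)
    now = time.monotonic()
    overran = now > deadline
    while now < deadline:            # loop guards against early wake-ups
        time.sleep(deadline - now)
        now = time.monotonic()
    return result, overran, now - start


def equalized_encrypt(plaintext: bytes, key: bytes, budget_s: float = 0.05):
    """Encrypt with the toy routine, padded to a fixed budget."""
    return run_with_fixed_budget(variable_time_routine, budget_s, plaintext, key)


if __name__ == "__main__":
    key = bytes(range(16))                     # constructed sample key
    for label, pt in (("identical", key), ("all-different", bytes(16))):
        _, overran, elapsed = equalized_encrypt(pt, key)
        print(f"{label:14} elapsed={elapsed:.4f}s overran={overran}")
```

Two practical caveats follow from the code: the budget has to exceed the worst-case work, or `overran` fires and the slow inputs remain distinguishable; and wall-clock padding only hides latency from an observer who sees end-to-end response time, not from one with access to power or micro-architectural side channels.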

Overview

Type: Microsoft Windows

First reported: 2022-08-09 20:15:00 (2 years ago)

Last updated: 2022-12-13 23:15:00 (2 years ago)

Affected Software

Microsoft Windows Server 2016

Microsoft Windows Server 2019

Microsoft Windows 10, version 1809
