Box.com Information for VU#672268

Microsoft Windows NTLM automatically authenticates via SMB when following a file:// URL

Status

Unknown. If you are the vendor named above, please contact us to update your status.

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

None

Addendum

According to the reporter, the Box Sync client may be vulnerable in certain circumstances if the user accepts an SSL prompt. CERT/CC has been unable to confirm this so far.

If you have feedback, comments, or additional information about this vulnerability, please send us email.