VULHUB ™

Iomega NAS A300U devices are reported to use LANMAN authentication for access to CIFS/SMB mounts. LANMAN authentication credentials are sent across the network in plaintext and may be intercepted by attackers with the ability to sniff network traffic. It has also been reported that this may allow session hijacking attacks to occur. This issue was reported for Iomega NAS A300U on Unix platforms. Other platforms and Iomega devices may also be affected.

Iomega NAS A300U devices are reported to use LANMAN authentication for access to CIFS/SMB mounts. LANMAN authentication credentials are sent across the network in plaintext and may be intercepted by attackers with the ability to sniff network traffic. It has also been reported that this may allow session hijacking attacks to occur. This issue was reported for Iomega NAS A300U on Unix platforms. Other platforms and Iomega devices may also be affected.