Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability - CVE-2023-36004ID: oval:org.secpod.oval:def:95808 | Date: (C)2023-12-13 (M)2024-03-06 |
Class: VULNERABILITY | Family: windows |
Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability. To exploit this vulnerability, an attacker would need to launch a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine. The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a man-in-the-middle (MITM) attack. An unauthorized attacker must wait for a user to initiate a connection.
Platform: |
Microsoft Windows 10 |
Microsoft Windows 11 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 2022 |
Microsoft Windows Server |