New research reveals critical vulnerabilities in Python applications for Windows including Snowflake, Gradio, Jupyter, and Streamlit that could allow hackers to steal NTLM credentials. Learn how to protect your systems from this serious security threat.
Researchers at Horizon3.ai have discovered a critical vulnerability in Python Windows applications that could allow hackers to steal NTLM credentials.
NTLM, or NT Lan Manager, is a legacy authentication protocol still widely used in Windows environments. This vulnerability could grant attackers access to a user’s network and sensitive data when exploited.
NTLMv2 hash theft, a technique commonly used in internal pentests, exploits issues like legacy LLMNR/NBT-NS protocols and forced authentication vulnerabilities like PetitPotam, often by abusing Microsoft Outlook. Tools like responder and ntlmrelayx are used to exploit this technique.
In a report shared with Hackread.com ahead of publishing on Aug 23, 2024, Horizon3.ai’s Naveen Sunkavally explained that NTLMv2 hash theft can occur on Windows hosts when auditing web apps through Server-Side Request Forgery (SSRF) or XML External Entities (XXE) vulnerabilities.
According to researchers, vulnerabilities in Python frameworks occur from how it retrieves files, because in Python “any file system operation performed on insufficiently validated input can lead to the leakage of NTLMv2 hashes.” Naveen noted.
New SSRF vulnerabilities were discovered in popular Python frameworks, including Gradio by Hugging Face, Jupyter Server, and Streamlit from Snowflake, leading to NTLMv2 hash exposure in popular AI tools these frameworks power such as Jupyter Notebook, JupyterLab, and Streamlit.
The vulnerabilities arise from flaws in how these frameworks handle file paths on Windows. Gradio’s flaws allow attackers to send a crafted path to a malicious server, revealing the NTLMv2 hash of the user running the framework.
Python’s os.path.isabs function and Gradio’s use of werkzeug.security.safe_join can also lead to similar NTLMv2 hash disclosure. Jupyter Server’s flaws involve its static file handler, which checks for file existence using os.path.isfile before verifying path validity. Streamlit’s flaw is similar, allowing attackers to leak the NTLMv2 hash on vulnerable Windows systems.
Attackers can exploit vulnerabilities in internet-exposed applications like Gradio’s “share” feature by capturing the NTLMv2 hash. In addition, they can exploit SSRF vulnerabilities, tricking the application into making requests to a malicious server, and leaking the NTLMv2 hash. The risk is higher for user-run applications, as they typically have weaker passwords compared to system accounts.\
Furthermore, the NTLMv2 hash can be used in relay attacks to gain access to other network resources accessible to the compromised user. Examples have been found in real-world pentests by NodeZero.
To stay safe, configure firewalls to block outgoing SMB traffic to the internet to prevent exploitation of vulnerabilities that rely on forced Windows authentication. Update Python to the latest version (especially for Windows users) to avoid the os.path.isabs bug present in versions below 3.11.2. Lastly, update the vulnerable applications to the latest versions: Gradio: 4.20+, Jupyter Server: 2.14.1+, and Streamlit: 1.37.0+.
RELATED TOPICS
- PyPI Exploited to Infiltrate Systems Through Python Packages
- Qubitstrike Malware Hits Jupyter Notebooks for Cryptojacking
- Python in Threat Intel: Analyzing and Mitigating Cyber Threats
- VMCONNECT: Malicious PyPI Package Mimicking Python Tools
- New version of Jupyter infostealer delivered through MSI installer
