Executive Summary

This vulnerability exists in Mattermost Desktop App versions up to 6.1 5.5.13.0, where the application fails to properly restrict the allow list of domains to which NTLM credentials are forwarded.

Because of this, any user on a server that does not have the image proxy enabled can intercept other users' credentials by embedding an image that routes to an external web server.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to credential interception, where an attacker can capture NTLM credentials of other users on the same server.

Such interception can compromise user accounts and potentially allow unauthorized access to sensitive information or systems.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, you should upgrade the Mattermost Desktop App to a version later than 6.1 5.5.13.0 where the issue with unrestricted NTLM credential forwarding has been fixed.

Additionally, ensure that the image proxy feature is enabled on your Mattermost server to prevent users from intercepting credentials via embedded images routing to external servers.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability in Mattermost Desktop App versions <=6.1 5.5.13.0 allows any user on a server without the image proxy enabled to intercept other users' NTLM credentials by embedding an image that routes to an external web server.

This unauthorized interception of credentials could lead to exposure of sensitive user information, which may impact compliance with data protection regulations such as GDPR and HIPAA that require safeguarding personal and sensitive data.

However, the provided context and resources do not explicitly discuss the direct impact of this vulnerability on compliance with these or other common standards and regulations.

Useful 0 Not Useful 0