.svg){kind=icon}
Netwrix Auditor 
Netwrix Change Tracker 
Netwrix Data Classification 
Netwrix Enterprise Auditor 
Netwrix GroupID 
Netwrix Password Policy Enforcer 
Netwrix Password Secure 
Netwrix Password Reset 
Netwrix PolicyPak 
Netwrix Privilege Secure 
Netwrix Recovery for Active Directory 
Netwrix StealthINTERCEPT 
Netwrix Strongpoint 
Netwrix Threat Manager 
Netwrix Usercube 
Netwrix 1Secure 
Netwrix Endpoint Protector 
Irvine, CA, August 13, 2020
Netwrix reports vulnerability in Netwrix Account Lockout Examiner 4.1
The vulnerability discovered by Optiv enables an adversary controlling a computer in a customer's domain to exploit an NTLM protocol vulnerability.
Netwrix, a cybersecurity vendor that makes data security easy, today announced the discovery of a zero-day vulnerability in Netwrix Account Lockout Examiner freeware. All users of Netwrix Account Lockout Examiner 4.1 or earlier should consider immediately upgrading to version 5.1 or higher in order to avoid falling victim to this vulnerability.
According to research by Optiv, an attacker can force an account used to run Account Lockout Examiner to authenticate to a system that the attacker controls, enabling them to capture the associated NTLMv1/v2 challenge-response and gain the Domain Admin credentials used to run Account Lockout Examiner. For more details about this possible attack scenario, read the full Optiv article.
This vulnerability was discovered by Optiv security consultants Robert Surace and Daniel Min while performing a security assessment of Netwrix Lockout Examiner, and Optiv reported it to Netwrix.
For more information about mitigating the vulnerability, please visit the FAQ page: https://www.netwrix.com/faq_ale_vulnerability.html
To download Account Lockout Examiner 5.1 for free, please visit: https://www.netwrix.com/account_lockout_examiner.html
about netwrix corporation
Netwrix champions cybersecurity to ensure a brighter digital future for any organization. Netwrix's innovative solutions safeguard data, identities, and infrastructure reducing both the risk and impact of a breach for more than 13,500 organizations across 100+ countries. Netwrix empowers security professionals to face digital threats with confidence by enabling them to identify and protect sensitive data as well as to detect, respond to, and recover from attacks.
For more information, visit www.netwrix.com.
contact us
Your questions and feedback are always welcome. Please dial our toll-free number: 888 - 638 - 9749, or enter your question details here and we will reply as soon as possible.
Media contact
Erin Jones, Avista PR for Netwrix
Phone: 704 - 664 - 2170