Net-NTLM leak via HTML injection vulnerability

Announced 2023-11-02
Impact Medium
Base CVSS Score 5.9
Product AlgoSec FireFlow
Affected Versions

A32.20 (up to build b560)

A32.50 (up to build b390)

A32.60 (up to build 210)

Fixed in Version

A32.20 (b570 and above)

A32.50 (b400 and above)

A32.60 (220 and above)

Finder Michał Bogdanowicz from Nordea Bank ABP


AlgoSec FireFlow VisualFlow workflow editor allows saving workflow entities with special html characters in the Name and Description fields, which is further displayed and executed on the Workflows List page in the application. This vulnerability also impacts Workflow editor's outbound actions via Name and Category fields, which is displayed and executed on the Workflow Entity page.

By abusing this behavior, it is possible to obtain the victim’s domain credentials: Net-NTLM hash, and thus open the way to relay domain attacks.

Issues addressed as part of this vulnerability


Upgrade ASMS to the fixed build as forbidden characters are escaped in all affected fields of AlgoSec FireFlow VisualFlow workflow editor.