No fix for deep-rooted issue within PDFs

A flaw in PDF files which allows Windows password stealing scripts to be injected by malicious parties will not be patched, Adobe has announced.

The vulnerability, found in the structure of PDFs, can be exploited to steal encrypted passwords and copy them to a remote source.

These passwords are stored in the form of NT LAN Manager (NTLM) hashes, which are encrypted and stored securely.

However, a number of simple NTLM cracking programs are easily available online, meaning that once an attacker has hold of these encrypted passwords they can quickly decode them.

This vulnerability is known to PDF developer Adobe, which has declined to patch the issue.

The company has instead referred users to a 2017 Microsoft Security Advisory that advises disabling NTLM single sign-on – enabling the patch disallows access from most external parties.

The flaw was reported to Adobe by security team Check Point Research, which told The Daily Swig that “potentially every person receiving a PDF file” could be compromised by the fault.

Emilie Beneitez, a Check Point representative, said: “We are familiar with this attack vector over multiple Windows products such as Office documents, Outlook, and more.

“As part of our efforts to find and explore new vulnerabilities, methods and manipulations in order to better protect our customers, we found it can affect PDF files as well.”

The team tested two of the most common PDF readers – Adobe and Foxit – and found that they were both vulnerable.

Beneitez said that the vulnerability had the potential to cause lateral attacks across a target network.

She added: “I would suggest people avoid opening files from unknown or untrusted sources and be sure to keep the latest and greatest PDF reader versions up-to-date with the recent security patches.”