Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka Skype for Business Elevation of Privilege Vulnerability.
A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
Name | Vendor | Start Version | End Version |
---|---|---|---|
Lync | Microsoft | 2013-sp1 (including) | 2013-sp1 (including) |
Skype_for_business | Microsoft | 2016 (including) | 2016 (including) |