Electron is vulnerable to improper access control. The vulnerability is caused by Electron responding with NTLM authentication, including hashed credentials. This sensitive information leak occurs when the redirect target uses an SMB URL type starting with file://, as the library delays the check for redirecting to file:// URLs from other schemes.
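
A defensive guard for the redirect case described above, as an added example that is not Electron's own code or part of the original advisory: it classifies a redirect target and cancels navigation redirects that land on a file:// URL. The function names are hypothetical, `app` is assumed to be Electron's `app` module, and the guard covers navigation redirects only (the `will-redirect` event).

```javascript
// Added example (not Electron's own code). Function names are hypothetical.

// Classify a redirect target: null for non-file URLs, 'remote' for a file:
// URL with a host (a UNC path on Windows, so an SMB connection that can
// trigger NTLM authentication), 'local' for a host-less file: URL.
function fileTargetKind(location, fromUrl) {
  const to = new URL(location, fromUrl); // Location may be relative
  if (to.protocol !== 'file:') return null;
  return to.hostname !== '' ? 'remote' : 'local';
}

// Decide one redirect hop. Only cross-scheme hops into file: are blocked;
// unparseable input is blocked as well (fail closed).
function shouldBlockRedirect(fromUrl, location) {
  try {
    if (new URL(fromUrl).protocol === 'file:') return false;
    return fileTargetKind(location, fromUrl) !== null;
  } catch {
    return true;
  }
}

// Main-process wiring. Assumption: `app` is Electron's `app` module.
// A redirect comes from a server response, never from a file: load, so a
// file: target seen in will-redirect is cross-scheme and is cancelled.
function installRedirectGuard(app, log = console.warn) {
  app.on('web-contents-created', (_event, contents) => {
    contents.on('will-redirect', (event, url) => {
      let kind;
      try { kind = fileTargetKind(url); } catch { kind = 'unparseable'; }
      if (kind !== null) {
        event.preventDefault();
        log(`blocked redirect to file: target (${kind}): ${url}`);
      }
    });
  });
}
```

Calling `installRedirectGuard(app)` once in the main process, before any window is created, applies the check to every WebContents.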