| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 19 Apr 2003 12:11:33 -0400 From: Dave Aitel <dave@...unitysec.com> To: bugtraq@...urityfocus.com Subject: Re: Authentication flaw in microsoft SMB protocol Also found and demonstrated by dildog at defcon 3 years ago. So don't hold your breath waiting for that patch. Dave Aitel Immunity, Inc. http://www.immunitysec.com/ On 19 Apr 2003 13:24:33 -0000 <seclab@...aut.ac.ir> wrote: > > > Detailed information: > http://seclab.ce.aut.ac.ir/vreport.htm > > Summary > ======= > Microsoft uses SMB Protocol for File and Printer sharing service in > all versions of Windows. Upon accessing a network resource, NTLM > Authentication is used to authenticate the client on the server. When > a logged-in user requests for a network share on the server, Windows > automatically sends the encrypted hashed password of the logged-in > username to the target SMB server before prompting for password. > Although the hashed password is not sent in plaintext format, and it > is encrypted by the server challenge, a malicious SMB Server could use > this information to authenticate on the client machine and in many > cases, gain full control over the shared objects of the client such as > C$, etc. > ... > Exploit > ======= > We will publish the exploit code after a patch be created by software > vendor.
Powered by blists - more mailing lists