| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 21 Apr 2003 14:41:49 -0700 From: "Jesper Johansson" <jesperjo@...rosoft.com> To: <bugtraq@...urityfocus.com> Subject: RE: Authentication flaw in microsoft SMB protocol > -----Original Message----- > From: Dave Aitel [mailto:dave@...unitysec.com] > Also found and demonstrated by dildog at defcon 3 years ago. So don't > hold your breath waiting for that patch. You don't need to wait. This is prevented with NTLM v.2, which shipped with Windows NT 4.0 SP4 in October 1998. This type of attack is also foiled with Kerberos, which is negotiated by default in a Windows 2000 or higher domain. To learn more about using NTLM v.2 and Kerberos, refer to the Windows 2000 Security Hardening Guide: http://www.microsoft.com/technet/security/prodtech/Windows/Win2kHG.asp downloadable at: http://www.microsoft.com/downloads/details.aspx?FamilyID=15E83186-A2C8-4 C8F-A9D0-A0201F639A56&DisplayLang=en > > When > > a logged-in user requests for a network share on the > server, Windows > > automatically sends the encrypted hashed password of the logged-in > > username to the target SMB server before prompting for password. This is not correct. Window sends a response to a server challenge. The response is computed from the users hash and the challenge sent by the server. Passwords, hashed, encrypted or otherwise, are never sent on the wire during a connection. Jesper M. Johansson Security Program Manager Microsoft Corporation
Powered by blists - more mailing lists