[jcifs] Follow-Up: Method logonLogoff() in class SmbSession

Marc Lehmann marc.lehmann at freenet.de
Sat Jan 11 22:25:11 EST 2003


Dear Michael,
You may have a look at the class SmbTest attached with my previous email.
http://lists.samba.org/pipermail/jcifs/2003-January/003071.html

SmbTest does the following:
1. Get domain, account and password. WINS is taken from the command line. Respective timeout values are set to "0".
2. Resolve for domain controller. Get challenge from domain controller.
3. Create NtlmPasswordAuthentication object providing domain, account and password.
4. Get LMhash and NThash from above object. Supposing they resemble the hashes provided by IE during NTLM authentication.
5. Create another NtlmPasswordAuthentication object providing LMhash and NThash.
6. Call logon() with second NtlmPasswordAuthentication object. This yields 'logon OK' provided correct credentials have been set in step 1.
7. Invalidate LMhash and NThash. (Setting all bytes to "0".)
8. Create another NtlmPasswordAuthentication object providing invalid hashes.
9. Call logon() with third NtlmPasswordAuthentication object. This always yields 'logon OK'.

The effect in step 9 doesn't look right to me. Could this possibly be exploited as a security backdoor?

I may use your library in a way not anticipated yet. I only need to authenticate a user once to provide an access token upon successful authentication. A user with a valid access token wouldn't need to go through NTLM authentication again. Having this use case I strongly feel a method like logonLogoff() would make sense to discard SMB specific resources as soon as possible. What do you think?

Regards,
Marc
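One mechanism that would produce exactly the symptom of step 9 is a client-side session cache keyed on (server, domain, account) alone, so the second and third logon() calls never reach the domain controller. The model below is an added example, not jCIFS code, and whether this is what jCIFS actually did is not established in this message; names such as DC_STORE, NaiveSessionCache and run_smbtest, and the credential values, are constructed for the illustration. It pairs the naive cache with one whose key binds the credential material, so invalidated hashes force a fresh round-trip.

```python
import hashlib
import hmac

# Constructed stand-in for the domain controller's store:
# (domain, account) -> (LM hash, NT hash), 16 bytes each.
DC_STORE = {("EXAMPLE", "alice"): (b"\x11" * 16, b"\x22" * 16)}

def dc_verify(domain, account, lm_hash, nt_hash):
    """What the DC does on a real round-trip: compare the supplied hashes."""
    stored = DC_STORE.get((domain.upper(), account.lower()))
    if stored is None:
        return False
    return (hmac.compare_digest(stored[0], lm_hash)
            and hmac.compare_digest(stored[1], nt_hash))

class NaiveSessionCache:
    """Hypothetical cache keyed on (dc, domain, account) only."""
    def __init__(self):
        self.sessions = set()
        self.dc_calls = 0          # round-trips actually made to the DC

    def cache_key(self, dc, domain, account, lm_hash, nt_hash):
        return (dc, domain.upper(), account.lower())

    def logon(self, dc, domain, account, lm_hash, nt_hash):
        key = self.cache_key(dc, domain, account, lm_hash, nt_hash)
        if key in self.sessions:
            return True            # hit: credentials never examined
        self.dc_calls += 1
        if dc_verify(domain, account, lm_hash, nt_hash):
            self.sessions.add(key)
            return True
        return False

class BoundSessionCache(NaiveSessionCache):
    """Same cache, but the key binds the credential material."""
    def cache_key(self, dc, domain, account, lm_hash, nt_hash):
        cred = hashlib.sha256(lm_hash + nt_hash).digest()
        return (dc, domain.upper(), account.lower(), cred)

def run_smbtest(cache):
    """Steps 6 and 9 of SmbTest: (logon with real hashes, logon with zeroed hashes)."""
    good = cache.logon("dc1", "EXAMPLE", "alice", b"\x11" * 16, b"\x22" * 16)
    zero = bytes(16)               # step 7: every byte set to 0
    bad = cache.logon("dc1", "EXAMPLE", "alice", zero, zero)
    return good, bad
```

With the naive cache the second logon() succeeds without a single DC round-trip, which is the behaviour step 9 reports; with the bound key the zeroed hashes miss the cache and are rejected by the DC.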
