[jcifs] NTLM implementation security issue

Moritz Bechler bechler at agno3.eu
Tue Dec 19 10:06:33 UTC 2017


Hi,

working on the SPNEGO/NTLM support in jcifs-ng I stumbled over a
security issue in the NTLM implementation originating from the original
jcifs codebase.

If NTLMSSP_NEGOTIATE_SIGN is set but the NTLMSSP_NEGOTIATE_KEY_EXCH flag
is cleared (e.g. by an attacker) the Type3Message will include the
session key in the clear.

This does not so much affect the use in SMB signing in the original
jcifs - as signing cannot be enforced (i.e. does not provide any real
security guarantees anyways).

But as it might affect people using the NTLM implementation on its own
or maybe other forks I'm just making this public here.

Fix in jcifs-ng is
https://github.com/AgNO3/jcifs-ng/commit/6bcf3e4b3c61b0cfe154d05b3869870c31df6205
(included in 2.0.4)

CVE has been requested, will update when available.


regards

Moritz

-- 
AgNO3 GmbH & Co. KG, registered office Tübingen, Stuttgart district court HRA 728731
Personally liable partner:
Metagesellschaft mbH, registered office Tübingen, Stuttgart district court HRB 744820,
represented by Joachim Keltsch


