[jcifs] jcifs-1.3.19 released / NTLMv2 Initiator Security Vulnerability Fixed
Michael B Allen
ioplex at gmail.com
Fri Dec 22 00:56:39 UTC 2017
False Alarm: This does NOT affect the acceptor. It affects the
initiator which is much less interesting.
The corrected release note is:
This release fixes what is believed to be a moderate security issue.
All NTLM initiators / clients using JCIFS should upgrade their JCIFS
jar. Credit goes to Moritz Bechler for identifying and reporting this
flaw.
Note: It was previously believed that this issue affected the acceptor
which would have been much more serious. It does not affect the
acceptor / servers.
More information about the jCIFS
mailing list