Old Topic: Re: NT Security Alert: (was Re: NTDOM: SamLogon validation...)

Luke Kenneth Casson Leighton lkcl at regent.push.net
Tue Apr 28 14:07:00 GMT 1998

On Wed, 29 Apr 1998, Paul Ashton wrote:

> > Just a clarification for myself. It seems to me that the challenge can't
> > be replayed, because it must be the challenge that was sent during the
> > "server to PDC" SMB negotiate portion of the pass-through authentication
> > (steps 4-6 below)? Since this challenge is originated from the PDC (step
> > 5), the server should not be able to just send it a
> > challenge/challenge-response pair for validation. Is this not correct?
> > Any clarification is appreciated.
> Your conclusion would seem to be correct in the context of the
> information you quoted. My observation was based purely on
> viewing the NetLogonSamLogon type=Network RPC between a file server
> and a PDC. If this has to be related to a previously sent challenge
> from the PDC then you may be correct. It was discussed on ntbugtraq
> and Paul Leach did not say that it would not work. I've never tried
> it though. Luke?

nah, me neither.  i tend not to get involved in protocol weakness analysis
stuff unless i'm writing protocols myself.  the things i am interested in
are working out existing (undocumented and important) protocols, and
implementing them, weaknesses or not.

however, in your paragraph above, exactly what has to be related to a
previously sent challenge? 


