Celso Kopp Webber
webber at sj.univali.rct-sc.br
Mon May 4 06:00:16 GMT 1998
I'm currently running the last sources from the samba CVS tree, and
I've heard recently that NT had a weakness because it accepted the
'null sessions', so that one machine could administer another NT
providing a username and password. I found a small program on Internet,
QTIP, that can query any NT machine and get many useful information from
such as a list of users, list of shares, information about a user (for
cannot change password). I've tested this program against one NT4 server
my administration, accross the Internet, and it worked! The bad part is
it worked against SAMBA NTDOM too!
Am I mistaked? Does this really constitute a security hole that
vulenrable? I've heard also that NT4 with SP3 can, if the administrator
be setup on the registry to not accept 'null sessions'. Wouldn't it be
samba do the same?
Thanks in advance, and sorry if I'm saying any nonsense.
Celso Kopp Webber.
More information about the samba-ntdom