Passthough security fix.
Andrew Tridgell
tridge at samba.anu.edu.au
Tue Apr 21 01:20:21 GMT 1998
> They send the sessionsetup request *twice* - once
> with the correct password, and once with a password
> of random garbage. If both are accepted then the
> user was guest, if the first was accepted and
> the second rejected then the user was non-guest.
excellent!
> Simple, elegant and works with all broken versions
> of NT. Can anyone see any disadvanages ?
there is a minor one. The logs on the NT server will get filled with
messages about a bad password being entered. Hmmm, does NT log those
by default?
Also, you'll need to send the random garbage first, not 2nd.
Cheers, Andrew
More information about the samba-technical
mailing list