bug in ntlmssp code
Jeremy Allison
jeremy at valinux.com
Wed Sep 5 18:12:34 GMT 2001
Luke Kenneth Casson Leighton wrote:
>
> the server-side ntlmssp api increments ntlmssp_seq_num
> twice. this obviously isn't very good, but it gets
> away with the first packet-exchange because the sequence
> nuimber is correct - once and only once.
>
> that's enough for one password change, btw, which is
> what ntlmssp _mostly_ gets used for :)
>
> so it's a bug, but not an issue - for now.
Thanks for the heads-up, I'll take a look at this one !
Cheers,
Jeremy.
--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
More information about the samba-technical
mailing list