bug in ntlmssp code

Jeremy Allison jeremy at valinux.com
Wed Sep 5 18:12:34 GMT 2001

Luke Kenneth Casson Leighton wrote:
> the server-side ntlmssp api increments  ntlmssp_seq_num
> twice.  this obviously isn't very good, but it gets
> away with the first packet-exchange because the sequence
> nuimber is correct - once and only once.
> that's enough for one password change, btw, which is
> what ntlmssp _mostly_ gets used for :)
> so it's a bug, but not an issue - for now.

Thanks for the heads-up, I'll take a look at this one !



Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba-technical mailing list