xyster_ at hotmail.com
Fri May 7 19:19:12 GMT 2004
I've read quite a bit about MS04-011 NTLMv2 problems but no one has really
spelled out what the problem actually is.
From looking at traces it appears a patched Windows box generates broken
NTLMv2 authentication blobs. Instead of sending, as part of the blob, the
full NetBIOS domain name and NetBIOS host name, it sends the first two
letters of the domain name; one letter as the domain name and the second
letter as the host name.
Some experimentation has shown that Windows servers will reject these broken
blobs. In other words, a Windows client using NTLMv2 will be rejected by a
Of course, this is not normally a problem since Windows will usually use
NTLMSSP when authenticating and I imagine it is a different code path in
Does anyone else see this or is my Windows client playing games with me?
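The check described in the post above, as an added example that is not part of the original message or of Samba's code: it pulls the NetBIOS domain and host names out of an NTLMv2 NT response taken from a trace and flags the one-letter pattern. It assumes the blob layout and AV_PAIR ids documented in MS-NLMP and UTF-16LE names; the function names and the sample responses are constructed for illustration.

```python
import struct

# AV_PAIR ids and blob layout follow MS-NLMP (assumed to match the traces discussed).
MSV_AV_EOL, MSV_AV_NB_COMPUTER, MSV_AV_NB_DOMAIN = 0, 1, 2
NTPROOF_LEN = 16      # HMAC-MD5 proof that precedes the blob in the NT response
BLOB_HEADER_LEN = 28  # RespType .. Reserved3; the AV_PAIR list starts here


def parse_av_pairs(data):
    """Decode an AV_PAIR list into {av_id: str}; ValueError if malformed."""
    pairs, off = {}, 0
    while off + 4 <= len(data):
        av_id, av_len = struct.unpack_from("<HH", data, off)
        off += 4
        if av_id == MSV_AV_EOL:
            return pairs
        if off + av_len > len(data):
            raise ValueError("AV_PAIR value runs past end of blob")
        pairs[av_id] = data[off:off + av_len].decode("utf-16-le")
        off += av_len
    raise ValueError("AV_PAIR list has no MsvAvEOL terminator")


def blob_names(nt_response):
    """Return (domain, host) NetBIOS names carried in an NTLMv2 NT response."""
    blob = nt_response[NTPROOF_LEN:]
    if len(blob) < BLOB_HEADER_LEN or blob[:2] != b"\x01\x01":
        raise ValueError("not an NTLMv2 client blob")
    pairs = parse_av_pairs(blob[BLOB_HEADER_LEN:])
    return pairs.get(MSV_AV_NB_DOMAIN), pairs.get(MSV_AV_NB_COMPUTER)


def is_truncated(nt_response, real_domain):
    """True when the names are the first two letters of the real domain name."""
    domain, host = blob_names(nt_response)
    want = real_domain.upper()
    return len(want) >= 2 and (domain or "").upper() == want[0] and (host or "").upper() == want[1]


def build_sample(domain, host):
    """Constructed NT response: zeroed proof, timestamp and client challenge."""
    av = b""
    for av_id, name in ((MSV_AV_NB_DOMAIN, domain), (MSV_AV_NB_COMPUTER, host)):
        raw = name.encode("utf-16-le")
        av += struct.pack("<HH", av_id, len(raw)) + raw
    av += struct.pack("<HH", MSV_AV_EOL, 0)
    return bytes(NTPROOF_LEN) + b"\x01\x01" + bytes(BLOB_HEADER_LEN - 2) + av


GOOD = build_sample("WORKGROUP", "CLIENT1")  # constructed: full names
BROKEN = build_sample("W", "O")              # constructed: pattern from the post
```

To use it on a real trace, pass the NT response bytes from the session setup request to `is_truncated` together with the client's actual NetBIOS domain name.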