svn commit: samba r2200 - in branches/SAMBA_4_0/source/torture:
. rpc
Jeremy Allison
jra at samba.org
Fri Sep 3 16:48:37 GMT 2004
On Fri, Sep 03, 2004 at 08:28:25AM +0000, tridge at samba.org wrote:
> Author: tridge
> Date: 2004-09-03 08:28:24 +0000 (Fri, 03 Sep 2004)
> New Revision: 2200
>
> WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba&path=/branches/SAMBA_4_0/source/torture&rev=2200&nolog=1
>
> Log:
> solved another piece of the lsakey puzzle - the session key for lsa
> encryption on ncacn_ip_tcp is a fixed buffer! I don't yet know what
> the buffer is, but this code proves its the same buffer for different
> w2k3 servers and different user passwords, plus it is independent of
> the negotiated NTLMSSP session key.
Oh my goodness ! How did you work that out ? That's a horrible
security hole isn't it ?
Jeremy.
More information about the samba-technical
mailing list