svn commit: samba r2200 - in
branches/SAMBA_4_0/source/torture: . rpc
Simo Sorce
idra at samba.org
Fri Sep 3 17:03:28 GMT 2004
On Fri, 2004-09-03 at 18:48, Jeremy Allison wrote:
> On Fri, Sep 03, 2004 at 08:28:25AM +0000, tridge at samba.org wrote:
> > solved another piece of the lsakey puzzle - the session key for lsa
> > encryption on ncacn_ip_tcp is a fixed buffer! I don't yet know what
> > the buffer is, but this code proves its the same buffer for different
> > w2k3 servers and different user passwords, plus it is independent of
> > the negotiated NTLMSSP session key.
>
> Oh my goodness ! How did you work that out ? That's a horrible
> security hole isn't it ?
No, shouldn't, as the connection is authenticated signed and sealed
generally, or at least that's what tridge said on IRC :)
Simo.
--
Simo Sorce - idra at samba.org
Samba Team - http://www.samba.org
Italian Site - http://samba.xsec.it
More information about the samba-technical
mailing list