svn commit: samba r2200 - in branches/SAMBA_4_0/source/torture: . rpc

Simo Sorce idra at
Fri Sep 3 17:03:28 GMT 2004

On Fri, 2004-09-03 at 18:48, Jeremy Allison wrote:
> On Fri, Sep 03, 2004 at 08:28:25AM +0000, tridge at wrote:

> > solved another piece of the lsakey puzzle - the session key for lsa
> > encryption on ncacn_ip_tcp is a fixed buffer! I don't yet know what
> > the buffer is, but this code proves its the same buffer for different
> > w2k3 servers and different user passwords, plus it is independent of
> > the negotiated NTLMSSP session key.
> Oh my goodness ! How did you work that out ? That's a horrible
> security hole isn't it ?

No, shouldn't, as the connection is authenticated signed and sealed
generally, or at least that's what tridge said on IRC :)


Simo Sorce    -  idra at
Samba Team    -
Italian Site  -

More information about the samba-technical mailing list