[Samba] compromising security
Gerald (Jerry) Carter
jerry at samba.org
Mon Jul 4 21:57:44 GMT 2005
Tomasz Chmielewski wrote:
> All that should be done is to unplug the workstation
> from the network, then plug a laptop with a network sniffer
> into the workstation (connect the network cards), and
> watch the traffic... If the laptop acts with a name of a "real"
> server, and has "encrypt passwords = no" - would the workstation
> send the credentials in plaintext, and thus, all carefully
> crafted security would be compromised?
>
> Or is something fundamentally wrong in my thinking
> (hopefully)?
Current Windows clients will not send the clear text of a
password unless you have configured a registry setting to tell
them it is OK. Around Windows NT 4.0 SP3, MS had the same
thought you did.
cheers, jerry