Bugtraq mailing list archives
Re[2]: Authentication flaw in microsoft SMB protocol
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Wed, 23 Apr 2003 18:09:42 +0400
Dear Jesper Johansson, This attack can not be prevented by NTLMv2, because in a same way attacker can relay server's response. This kind of attack is possible because of pass-through authentication. This attack may be prevented by SMB signing, which is available since SP3. Kerberos does not prevent this attack too, because Kerberos is not mandatory. Attacker can initiate NTLM with both client and server. 3APA3A. MCSE. MCT. --Tuesday, April 22, 2003, 1:41:49 AM, you wrote to bugtraq () securityfocus com: JJ> You don't need to wait. This is prevented with NTLM v.2, which shipped JJ> with Windows NT 4.0 SP4 in October 1998. This type of attack is also JJ> foiled with Kerberos, which is negotiated by default in a Windows 2000 JJ> or higher domain. JJ> To learn more about using NTLM v.2 and Kerberos, refer to the Windows JJ> Jesper M. Johansson JJ> Security Program Manager JJ> Microsoft Corporation -- ~/ZARAZA Жало мне не понадобится (С. Лем)
Current thread:
- Authentication flaw in microsoft SMB protocol seclab (Apr 19)
- Re: Authentication flaw in microsoft SMB protocol Dave Aitel (Apr 19)
- <Possible follow-ups>
- RE: Authentication flaw in microsoft SMB protocol Jesper Johansson (Apr 22)
- Re[2]: Authentication flaw in microsoft SMB protocol 3APA3A (Apr 23)
- Re: Authentication flaw in microsoft SMB protocol Chris Wysopal (Apr 22)