[Date Prev][Date Next]
[OT] Re: Unix auth via LDAP & now need to add Samba!
Mark H. Wood wrote:
On Wed, 1 May 2002, David Wright wrote:
Your step-by-step illustrates the flaw perfectly! The server stores HP.
But HP can be used for authentiation (by hashing with the challenge to
produce HC)! It's true that the cleartext of the password P is safe, so if
HPC nor HPS ever appears on the wire, so where did the attacker get it?
He can't calculate it unless he knows the password.
The problem is, NT appears to store a plaintext-equivalent password on
the server. So if an attacker gets admin access on the server, he can
just grab all the passwords and access accounts with a modified client -
he doesn't even need to crack 'em! Yech.
David L. Parsley
Network Administrator, Roanoke College
"If I have seen further it is by standing on ye shoulders of Giants."