git.samba.org / samba.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d60828f) | patch
CVE-2022-38023 docs-xml/smbdotconf: change 'reject md5 servers' default to yes
authorStefan Metzmacher <metze@samba.org>
Thu, 24 Nov 2022 17:22:23 +0000 (18:22 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 13 Dec 2022 13:07:29 +0000 (13:07 +0000)
commit1c6c1129905d0c7a60018e7bf0f17a0fd198a584
tree2bf2b1dff2f4de50c984b1080639998b93728c7etree
parentd60828f6391307a59abaa02b72b6a8acf66b2fefcommit | diff
CVE-2022-38023 docs-xml/smbdotconf: change 'reject md5 servers' default to yes

AES is supported by Windows >= 2008R2 and Samba >= 4.0 so there's no
reason to allow md5 servers by default.

Note the change in netlogon_creds_cli_context_global() is only cosmetic,
but avoids confusion while reading the code. Check with:

 git show -U35 libcli/auth/netlogon_creds_cli.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
docs-xml/smbdotconf/winbind/rejectmd5servers.xml diff | blob | history
lib/param/loadparm.c diff | blob | history
libcli/auth/netlogon_creds_cli.c diff | blob | history
source3/param/loadparm.c diff | blob | history
Samba Shared Repository