git.samba.org / abartlet / samba.git / .git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 06153d9) | patch
s3:ntlmssp Don't use the lm key if the user didn't supply one.
authorAndrew Bartlett <abartlet@samba.org>
Fri, 6 Aug 2010 09:01:34 +0000 (19:01 +1000)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 9 Aug 2010 06:30:42 +0000 (16:30 +1000)
commit7ed16ab6e011f81644a9445269867f373975d7a0
tree93a9f6b95e1477e4314ab7f21a34c7d10438ed7dtree
parent06153d97de72e7d3a3b4468cb9587b063c1287d8commit | diff
s3:ntlmssp Don't use the lm key if the user didn't supply one.

This may help to avoid a number of possible MITM attacks where LM_KEY is
spoofed into the session.  If the login wasn't with lanman
(and so the user chose to disclose their lanman response),
don't disclose back anything based on their lanman password.

Andrew Bartlett
source3/libsmb/ntlmssp.c diff | blob | history
Unnamed repository; edit this file to name it for gitweb.