From: Andrew Tridgell <tridge@samba.anu.edu.au>
To: jallison@whistle.com
Subject: Re: Passthough security fix.
Message-Id: <19980421012031Z12583667-459+11459@samba.anu.edu.au>
Date: Tue, 21 Apr 1998 11:20:21 +1000

> They send the sessionsetup request *twice* - once
> with the correct password, and once with a password
> of random garbage. If both are accepted then the
> user was guest, if the first was accepted and
> the second rejected then the user was non-guest.
Excellent!
> Simple, elegant and works with all broken versions
> of NT. Can anyone see any disadvantages?
There is a minor one. The logs on the NT server will get filled with
messages about a bad password being entered. Hmmm, does NT log those
by default?
Also, you'll need to send the random garbage first, not 2nd.
Cheers, Andrew