|
<<
^
>>
Date: 1999-02-09
NT-Servicepack IV: Gemeine Passwort/lücken
-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
Wer mittels eines LAN-Managers Passwörter auf NT-
Rechnern vergibt, die Servicepack IV installiert haben & dabei
Mac, DOS, OS/2 oder auch andere im Netze werken hat,
sollte wissen, was für ein gemeines Loch dadurch entsteht:
Das Passwort wird als blankes Nullwertfeld registriert, will
heissen, das es nicht existiert.
-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
Russ Cooper
Microsoft have released a Security Bulletin
(http://www.microsoft.com/security/bulletins/ms99-004.asp)
which covers a potentially serious security breach created as
a result of a LanManager client (DOS, Windows 3.1,
Windows for Workgroups, OS/2, or Mac) being used to
change a password on a Windows NT 4.0 system that has
had SP4 applied.
Due to the fact that these clients do not use an NT Hash
during the password change process, the NT Hash is stored
as a NULL value in the NT SAM. As a result of changes
introduced with SP4, when an NT system (any version)
connects using an account whose password was previously
changed with a LanManager client, that system can provide a
blank password and be authenticated.
Therefore the security risk requires three distinct steps in
order for you to be at risk;
1. Your NT systems that users are logging into must be
version 4.0 and have been updated to SP4.
2. One, or more, of your users must have logged into the NT
system and changed their password from that client.
3. Someone must subsequently log into the NT system using
a valid userID and a blank password.
Obviously if your users are not logging in from DOS,
Windows 3.1, Windows for Workgroups, OS/2, or Macs, then
your NT systems are not compromised by this bug. However,
the fix should obviously be applied to prevent problems in
future.
Microsoft have stated, in the bulletin noted above, that it is
NOT necessary to have users change their passwords after
applying the fix. The data is being stored correctly in the NT
SAM, the problem is in the way NT 4.0 SP4 handles null
password logins from other NT systems only (any version).
Microsoft have prepared a KB article
<http://support.microsoft.com/support/kb/articles/q214/8/40.a
sp> describing the vulnerability.
relayed by
Damir Tomicic <[email protected]>
-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
edited by
published on: 1999-02-09
comments to [email protected]
subscribe Newsletter
- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
<<
^
>>
|
|
|
|