Bugtraq mailing list archives

Re: Internet Explorer Bug #4

From: Alain.Thivillon () ALMA FR (Alain Thivillon)
Date: Sat, 15 Mar 1997 11:09:51 +0100


Dominique Brezinski ecrivait (wrote)  :

encrypted passwords (SMB dialect sub LanMan 2.x), the client application
will prompt the user for a user name and password.  If the user is stupid
enough to enter the info, the NT or Win95 machine will happily send it
plaintext to the server! Doh!


Win95 does not ask user before sending the Domain password in
plaintext. I just checked this here, you just have to compile Samba with
no DES support, DEBUG_PASSWORD option and debug level 100 to see what
happens.

What saves Win95 is that is does not understand the \\<IP-Address>\SHARE
Cifs syntax. But on local network with broadcast name resolution ...
And with previous bugs of Internet Explorer, you kown how to add lines
to LMHOSTS via Web browser :(

--
Alain Thivillon -+- Alain.Thivillon () alma fr -+- Alma, Grenoble

Current thread:

Re: Internet Explorer Bug #4 Dominique Brezinski (Mar 14)
- Re: Internet Explorer Bug #4 Paul (Mar 16)
- bin/2983: Security bug (buffer overflow) in lib/libterm/tgoto.c Aleph One (Mar 16)
- Re: Internet Explorer Bug #4 Aaron Spangler (Mar 18)
- <Possible follow-ups>
- Re: Internet Explorer Bug #4 Alain Thivillon (Mar 15)
  - Re: Internet Explorer Bug #4 Steve Birnbaum (Mar 15)
- Re: Internet Explorer Bug #4 Rubens Kuhl Jr. (Mar 15)
- Re: Internet Explorer Bug #4 Rubens Kuhl Jr. (Mar 15)