[161] in Best-of-Security
BoS: Re: Some quick notes about SP3:
daemon@ATHENA.MIT.EDU (joel boutros)
Sun May 18 05:07:09 1997
Date: Fri, 16 May 1997 13:38:56 -0400
Reply-To: Windows NT BugTraq Mailing List <NTBUGTRAQ@RC.ON.CA>,
joel boutros <nihilis@MORAL.ADDICTION.COM>
From: joel boutros <nihilis@MORAL.ADDICTION.COM>
In-Reply-To: Your message of "Fri, 16 May 1997 09:06:32 EDT."
<199705161716.NAA07757@moral.addiction.com>
Errors-To: best-of-security-request@suburbia.net
To: best-of-security@suburbia.net
Resent-From: best-of-security@suburbia.net

In a sacred scroll entitled <199705161716.NAA07757@moral.addiction.com>,
Russ scribbled...

* 7. By default, unencrypted passwords cannot be sent from an NT box with
* SP3, this must be specifically enabled to be possible.

thanks to Aaron Spangler who, over on bugtraq, revealed that the registry
entry to enable this is,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters]
"EnablePlainTextPassword"=dword:00000001

for those of us not on both lists.

checking now indicates that Article Q166730 (which describes this registry
entry and the warnings associated with it, i assume) still doesn't exist on
the knowledge base (www.microsoft.com/kb). either SP3 needs to be updated or
the article does. there're apparently a few others (i _believe_, though i
don't remember specifically, the one related to signing is involved,
though it can be found in post-SP2/sec-fix).

i'm curious about the change involved in the signing: is it to fix the
man-in-the-middle attacks (by stamping an originator ID onto the hash) or
to deal with NT's giving away its keys to remote hosts (ala the cifs/smb
file:// attack with IE3)? someone had suggested (i don't remember where,
i believe on bugtraq, in response to another of Aaron Spangler's reports
on SP3) that the authentication signing would fix that, but i've been
thinking of how it might do that, and haven't come up with anything
remarkable yet.

- joel
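
Added example, not part of the original post: a small Python audit that scans a regedit text export for the Rdr\Parameters value quoted above and reports whether sending unencrypted passwords has been switched on. Matching the numbered ControlSet00x copies of the key, the sample export and the value name SomeOtherValue are assumptions made for illustration.

```python
import re

# Key and value name exactly as quoted in the post; matching is
# case-insensitive because registry paths and value names are.
KEY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})"
    r"\\Services\\Rdr\\Parameters$", re.IGNORECASE)
VALUE_NAME = "enableplaintextpassword"
LINE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$')


def audit_reg_export(text):
    """Map each Rdr\\Parameters key in a .reg export to a state:
    'enabled' (nonzero dword), 'disabled' (zero dword), 'absent' (value not
    set, the SP3 default per the post) or 'unexpected:<data>' (not a dword)."""
    results, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            current = path if KEY_RE.match(path) else None
            if current:
                results.setdefault(current, "absent")
            continue
        m = LINE_RE.match(line) if current else None
        if not m or m.group(1).lower() != VALUE_NAME:
            continue
        data = m.group(2).strip()
        d = re.fullmatch(r"dword:([0-9a-fA-F]{1,8})", data)
        if d:
            results[current] = "enabled" if int(d.group(1), 16) else "disabled"
        else:
            results[current] = "unexpected:" + data
    return results


# Constructed sample export (not taken from a real host).
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters]
"EnablePlainTextPassword"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Rdr\Parameters]
"SomeOtherValue"=dword:00000000
'''

if __name__ == "__main__":
    print(audit_reg_export(SAMPLE))
```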