[4174] in bugtraq


Re: Internet Explorer Bug #4

daemon@ATHENA.MIT.EDU (Alain Thivillon)
Sat Mar 15 13:38:10 1997

Date: 	Sat, 15 Mar 1997 11:09:51 +0100
Reply-To: Alain Thivillon <Alain.Thivillon@ALMA.FR>
From: Alain Thivillon <Alain.Thivillon@ALMA.FR>
To: BUGTRAQ@NETSPACE.ORG

Dominique Brezinski wrote:

> encrypted passwords (SMB dialect sub LanMan 2.x), the client application
> will prompt the user for a user name and password.  If the user is stupid
> enough to enter the info, the NT or Win95 machine will happily send it
> plaintext to the server! Doh!

Win95 does not ask the user before sending the Domain password in
plaintext. I just checked this here, you just have to compile Samba with
no DES support, DEBUG_PASSWORD option and debug level 100 to see what
happens.

What saves Win95 is that it does not understand the \\<IP-Address>\SHARE
CIFS syntax. But on a local network with broadcast name resolution ...
And with previous bugs of Internet Explorer, you know how to add lines
to LMHOSTS via Web browser :(

--
Alain Thivillon -+- Alain.Thivillon@alma.fr -+- Alma, Grenoble
