Windows NT/95/98 use SMB authentication whenever they need to authenticate to another computer on the network in order to access file-sharing services. Windows 95/98 network file sharing reuses the cryptographic challenges used in SMB challenge/response authentication. This reuse of the challenge enables an attacker who has captured a legitimate network authentication to replay it and establish a connection impersonating a valid user.
Credit:
Read more about L0phtCrack:
L0phtCrack, The integrated password cracker for NT
L0pht Heavy Industries' home page can be found at: http://www.l0pht.com/.
Using L0phtCrack, a tool that captures password hashes as they travel across the network, L0pht Heavy Industries found that Windows 95 and Windows 98 use the same challenge for a period of approximately 15 minutes. An attacker who has captured a legitimate challenge-response packet can therefore retransmit it to the authentication server and impersonate a valid user.
Challenge-response authentication exists to protect against a "replay" attack. The actual password is never transferred over the network; instead, the server issues a "challenge". A workstation that holds the legitimate password can compute a legitimate "response" and send it to the server, thus authenticating the user.
However, if the server repeats the challenge, the same response is valid again, which is what makes it possible to impersonate legitimate users.
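
The effect of challenge reuse, as an added example that is not part of the original advisory: a toy server accepts a recorded response when it repeats its challenge and rejects the same response when every session gets a fresh one. The `Server` class and function names are hypothetical, and HMAC-SHA256 stands in for the real SMB response computation.

```python
import hashlib
import hmac
import secrets

CHALLENGE_LEN = 8  # SMB challenge/response uses an 8-byte challenge


def response(password_hash: bytes, challenge: bytes) -> bytes:
    # Assumption: HMAC-SHA256 as a stand-in for the real response function.
    return hmac.new(password_hash, challenge, hashlib.sha256).digest()


class Server:
    """Toy authentication server (hypothetical, not the SMB wire protocol)."""

    def __init__(self, password_hash: bytes, reuse_challenge: bool):
        self.password_hash = password_hash
        self.reuse_challenge = reuse_challenge
        self._cached = secrets.token_bytes(CHALLENGE_LEN)
        self._outstanding = None

    def new_session(self) -> bytes:
        # Weak mode repeats one cached challenge; hardened mode draws a fresh one.
        self._outstanding = (self._cached if self.reuse_challenge
                             else secrets.token_bytes(CHALLENGE_LEN))
        return self._outstanding

    def verify(self, resp: bytes) -> bool:
        if self._outstanding is None:
            return False
        expected = response(self.password_hash, self._outstanding)
        self._outstanding = None  # a challenge is valid for one attempt only
        return hmac.compare_digest(expected, resp)


def replay_accepted(reuse_challenge: bool) -> bool:
    """True if a previously recorded response authenticates a second session."""
    pw_hash = hashlib.sha256(b"constructed-sample-password").digest()
    server = Server(pw_hash, reuse_challenge)
    # Session 1: legitimate client; its response is what travels on the wire.
    recorded = response(pw_hash, server.new_session())
    assert server.verify(recorded)
    # Session 2: the password is not used, only the recorded response is resent.
    server.new_session()
    return server.verify(recorded)


if __name__ == "__main__":
    print({reuse: replay_accepted(reuse) for reuse in (True, False)})
```

The recorded response is only useful while the server keeps issuing the challenge it was computed for, so a challenge that is random per session and discarded after one attempt closes the window the advisory describes.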