Great work finding this. This only affects a client initiating so I
think the impact is going to be moderate if even that.
But great find and thanks for reporting it.
I added a link on the JCIFS site to your jcifs-ng project which looks
Keep up the good work.
On Tue, Dec 19, 2017 at 5:06 AM, Moritz Bechler via jCIFS
<[hidden email]> wrote:
> working on the SPNEGO/NTLM support in jcifs-ng I stumbled over a
> security issue in the NTLM implementation originating from the original
> jcifs codebase.
> If NTLMSSP_NEGOTIATE_SIGN is set but the NTLMSSP_NEGOTIATE_KEY_EXCH flag
> is cleared (e.g. by an attacker) the Type3Message will include the
> session key in the clear.
> This does not so much affect the use in SMB signing in the original
> jcifs - as signing cannot be enforced (i.e. does not provide any real
> security guarantees anyways).
> But as it might affect people using the NTLM implementation on its own
> or maybe other forks I'm just making this public here.
> Fix in jcifs-ng is
> https://github.com/AgNO3/jcifs-ng/commit/6bcf3e4b3c61b0cfe154d05b3869870c31df6205
> (included in 2.0.4)
> CVE has been requested, will update when available.
> AgNO3 GmbH & Co. KG, registered office Tübingen, Amtsgericht Stuttgart HRA 728731
> Personally liable partner:
> Metagesellschaft mbH, registered office Tübingen, Amtsgericht Stuttgart HRB 744820,
> represented by Joachim Keltsch
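As an added illustration (not code from jcifs or jcifs-ng, and not part of this thread): a check that parses an NTLMSSP AUTHENTICATE_MESSAGE (Type3) and flags the flag combination Moritz describes. It assumes the unwrapped key lands in the EncryptedRandomSessionKey buffer, which MS-NLMP requires to be empty unless NTLMSSP_NEGOTIATE_KEY_EXCH was negotiated; the message builder only exists to produce constructed test input.

```python
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
AUTHENTICATE_MESSAGE = 3
NTLMSSP_NEGOTIATE_SIGN = 0x00000010
NTLMSSP_NEGOTIATE_KEY_EXCH = 0x40000000

# Fixed header layout of AUTHENTICATE_MESSAGE: six 8-byte security buffers
# (Len, MaxLen, Offset) starting at byte 12, then NegotiateFlags at byte 60.
ENC_RANDOM_SESSION_KEY_FIELD = 52
NEGOTIATE_FLAGS = 60
HEADER_LEN = 64


def _buffer(msg, field_off):
    """Resolve one security buffer descriptor to the bytes it points at."""
    length, _max_len, offset = struct.unpack_from("<HHI", msg, field_off)
    return msg[offset:offset + length]


def parse_type3(msg):
    """Return (negotiate_flags, encrypted_random_session_key) from a Type3 blob."""
    if msg[:8] != NTLMSSP_SIGNATURE:
        raise ValueError("missing NTLMSSP signature")
    if struct.unpack_from("<I", msg, 8)[0] != AUTHENTICATE_MESSAGE:
        raise ValueError("not an AUTHENTICATE_MESSAGE")
    flags = struct.unpack_from("<I", msg, NEGOTIATE_FLAGS)[0]
    return flags, _buffer(msg, ENC_RANDOM_SESSION_KEY_FIELD)


def leaks_session_key(msg):
    """True when SIGN is set, KEY_EXCH is cleared, yet the session-key buffer is
    populated: with KEY_EXCH cleared nothing wraps the key, so a non-empty buffer
    means the client sent it unprotected (the condition described in the report)."""
    flags, key = parse_type3(msg)
    sign = bool(flags & NTLMSSP_NEGOTIATE_SIGN)
    key_exch = bool(flags & NTLMSSP_NEGOTIATE_KEY_EXCH)
    return sign and not key_exch and len(key) > 0


def build_type3(flags, session_key_field):
    """Constructed test input: a minimal Type3 with every buffer empty except the
    EncryptedRandomSessionKey buffer, which is placed right after the header."""
    buffers = b""
    for index in range(6):
        data = session_key_field if index == 5 else b""
        buffers += struct.pack("<HHI", len(data), len(data), HEADER_LEN)
    header = NTLMSSP_SIGNATURE + struct.pack("<I", AUTHENTICATE_MESSAGE) + buffers
    return header + struct.pack("<I", flags) + session_key_field


CONSTRUCTED_KEY = b"\x11" * 16  # placeholder session key, not a real value
```

A hardened client leaves the buffer empty when KEY_EXCH is cleared, which is the case `build_type3(NTLMSSP_NEGOTIATE_SIGN, b"")` exercises.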