jcifs-1.3.19 released / NTLMv2 Initiator Security Vulnerability Fixed

Samba - jcifs mailing list
False Alarm: This does NOT affect the acceptor. It affects the
initiator which is much less interesting.

The corrected release note is:

This release fixes what is believed to be a moderate security issue.
All NTLM initiators / clients using JCIFS should upgrade their JCIFS
jar. Credit goes to Moritz Bechler for identifying and reporting this
flaw.

Note: It was previously believed that this issue affected the acceptor
which would have been much more serious. It does not affect the
acceptor / servers.