Title: Microsoft Win9x Challenge Replay Vulnerability
Severity: MODERATE
Description:
The L0pht identified a weakness in Microsoft's Win9x authentication mechanism whereby the Win9x server issues the same cryptographic challenge for up to fifteen minutes. In a typical NT to Win9x authentication process, the Win9x server issues a challenge that is used by the NT server to encrypt the LanMan hash. The challenge-encrypted LanMan hash, along with the proper username, will grant an authorized user access to given resources on the Win9x server.
Should an unauthorized user "sniff" the challenge-response sequence of a valid NT-Win9x login, he or she may replay this string from their own host to gain access to the Win9x server without knowledge of the clear-text password.
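The following is an added illustration, not part of the original advisory or any Microsoft code. It models a server that reuses its challenge for fifteen minutes beside one that issues a single-use challenge per connection, and shows why only the latter rejects a recorded response. The class names, the 8-byte challenge size, the connection IDs and the use of HMAC-SHA256 in place of the real challenge-encrypted LanMan hash are all assumptions made for the sketch.

```python
import hashlib, hmac, os

CHALLENGE_LIFETIME = 15 * 60  # seconds; the reuse window described in the advisory

def response(secret, challenge):
    # Stand-in for the challenge-encrypted LanMan hash (HMAC-SHA256, not the real algorithm).
    return hmac.new(secret, challenge, hashlib.sha256).digest()

class CachedChallengeServer:
    """Models the weakness: one challenge is handed out for the whole lifetime window."""
    def __init__(self, users):
        self.users, self._challenge, self._issued_at = users, None, 0
    def get_challenge(self, now):
        if self._challenge is None or now - self._issued_at >= CHALLENGE_LIFETIME:
            self._challenge, self._issued_at = os.urandom(8), now
        return self._challenge
    def login(self, user, resp, now):
        if user not in self.users:
            return False
        return hmac.compare_digest(response(self.users[user], self.get_challenge(now)), resp)

class FreshChallengeServer:
    """Hardened model: each challenge is bound to one connection and consumed on use."""
    def __init__(self, users):
        self.users, self._pending = users, {}
    def get_challenge(self, conn_id):
        self._pending[conn_id] = os.urandom(8)
        return self._pending[conn_id]
    def login(self, conn_id, user, resp):
        challenge = self._pending.pop(conn_id, None)  # single use
        if challenge is None or user not in self.users:
            return False
        return hmac.compare_digest(response(self.users[user], challenge), resp)

def replay_outcomes():
    users = {"alice": b"constructed-secret"}  # constructed sample account
    weak, fresh = CachedChallengeServer(users), FreshChallengeServer(users)
    # Legitimate logins at t=0; these responses are what a passive observer would record.
    seen_weak = response(users["alice"], weak.get_challenge(now=0))
    seen_fresh = response(users["alice"], fresh.get_challenge("conn-1"))
    assert weak.login("alice", seen_weak, now=0) and fresh.login("conn-1", "alice", seen_fresh)
    fresh.get_challenge("conn-2")  # a later connection receives a new challenge
    return {
        "cached_within_window": weak.login("alice", seen_weak, now=600),
        "cached_after_window": weak.login("alice", seen_weak, now=901),
        "fresh_new_connection": fresh.login("conn-2", "alice", seen_fresh),
    }

if __name__ == "__main__":
    print(replay_outcomes())
```

The recorded response remains valid on the cached-challenge server until the window expires, while the per-connection server rejects it immediately because the challenge it answered no longer exists.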
Affected Products:
- Microsoft Windows 95
- Microsoft Windows 98