VULHUB ™

The L0pht identified a weakness in Microsoft's Win9x authentication mechanism whereby the Win9x server issues the same cryptographic challenge for up to fifteen minutes. In a typical NT to Win9x authentication process, the Win9x server issues a challenge that is used by the NT server to encrypt the LanMan hash. The challenge-encrypted LanMan hash, along with the proper username, will grant an authorized user access to given resources on the Win9x server. Should an unauthorized user "sniff" the challenge-response sequence of a valid NT-Win9x login, he or she may replay this string from their own host to gain access to the Win9x server without knowledge of the clear-text password.

The L0pht identified a weakness in Microsoft's Win9x authentication mechanism whereby the Win9x server issues the same cryptographic challenge for up to fifteen minutes. In a typical NT to Win9x authentication process, the Win9x server issues a challenge that is used by the NT server to encrypt the LanMan hash. The challenge-encrypted LanMan hash, along with the proper username, will grant an authorized user access to given resources on the Win9x server. Should an unauthorized user "sniff" the challenge-response sequence of a valid NT-Win9x login, he or she may replay this string from their own host to gain access to the Win9x server without knowledge of the clear-text password.