| Bug ID |
8640
|
| Summary |
fixes in NTLMSSP dissector
|
| Classification |
Unclassified
|
| Product |
Wireshark
|
| Version |
SVN
|
| Hardware |
x86
|
| OS |
Windows 7
|
| Status |
UNCONFIRMED
|
| Severity |
Enhancement
|
| Priority |
Low
|
| Component |
Dissection engine (libwireshark)
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Created attachment 10738 [details]
fixed dissection of NTLMv2 challenge response in NTLMSSP dissector
Build Information:
--
this patch fixes dissection of the NTLMSSP v2 Challenge Response. The old code
would loop over the Attributes until the end of the Response, however in
reality the last values of a Response are four 0 bytes and maybe padding. I've
also changed the names of the values to match those from the Microsoft
specification.
I've also changed the name of one flags bit from unknown to "Anonymous", again
according to the Microsoft spec.
I'll attach a capture file containing 3 DCE/RPC PDUs with a NTLM challenge. It
contains the NTLMv2 challenge response which I've changed. It is a part of a
large file and you need to play with "Decode As" to have Wireshark dissect it
as DCE/RPC.
You are receiving this mail because:
- You are watching all bug changes.