This may help to avoid a number of possible MITM attacks where LM_KEY is
spoofed into the session. If the login wasn't with lanman
(and so the user chose to disclose their lanman response),
don't disclose back anything based on their lanman password.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
if (session_key.data == NULL) {
return NT_STATUS_NO_MEMORY;
}
- SMBsesskeygen_lm_sess_key(
- lm_session_key.data, zeros,
- session_key.data);
+ SMBsesskeygen_lm_sess_key(zeros, zeros,
+ session_key.data);
+ DEBUG(10,("ntlmssp_server_auth: Created NTLM session key.\n"));
}
dump_data_pw("LM session key:\n", session_key.data,
session_key.length);