Vulnerability in the NETBIOS protocol

A gaping security hole in the NETBIOS protocol of Windows 9x and Me makes it easy for attackers to break the password protection of shared files on a network. The massive bug in the password routine has gone unpublished since Windows 95.

As Network Security Focus has found out, the client determines how long the password is when making a request, and only then is the entered password compared with the password stored for file sharing. For a clever attacker, a few steps are enough to set the length of the password to one byte. If this byte matches the first byte of the password set for the files, the door to the files is open. With only 256 possible values for the first position, this does not require much effort. Microsoft has released a patch and otherwise recommends turning off file and printer sharing.
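
The flaw described above, reduced to a comparison routine beside a corrected form. This is an added example, not Microsoft's code or its patch; the function names and the stored password are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample value; not taken from any real system. */
static const char STORED_PASSWORD[] = "SECRET42";

/* Flawed pattern: the number of bytes compared is whatever length
 * the client states in its request, so a prefix counts as a match. */
int check_flawed(const char *supplied, size_t client_len)
{
    if (client_len > sizeof STORED_PASSWORD - 1)
        return 0;                       /* avoid reading past the buffer */
    return memcmp(supplied, STORED_PASSWORD, client_len) == 0;
}

/* Corrected pattern: the server's stored length decides. The client
 * length must equal it, and all bytes are compared without an early
 * exit, so timing does not show how many leading bytes matched. */
int check_fixed(const char *supplied, size_t client_len)
{
    size_t stored_len = strlen(STORED_PASSWORD);
    unsigned char diff = 0;
    size_t i;

    if (client_len != stored_len)
        return 0;
    for (i = 0; i < stored_len; i++)
        diff |= (unsigned char)(supplied[i] ^ STORED_PASSWORD[i]);
    return diff == 0;
}

int main(void)
{
    /* A request that claims a one-byte password. */
    printf("flawed, 1 byte: %d\n", check_flawed("S", 1));
    printf("fixed,  1 byte: %d\n", check_fixed("S", 1));
    printf("fixed,  full:   %d\n", check_fixed("SECRET42", 8));
    return 0;
}
```

The corrected routine never lets a value from the request decide how much of the secret is checked, which is the property the flawed routine lacks.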