Everhart, Glenn
From:	Russ [Russ.Cooper@RC.ON.CA]
Sent:	Friday, August 21, 1998 5:01 PM
To:	NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject:	Re: Anyone know how to stop c2myazz from obtaining passwords on n t?
Well, lots of replies to this old problem. FYI, since there was nothing
in the NTBugtraq archives about c2myazz, and since its still getting
attention from various sources, I thought we should get it covered.

<http://support.microsoft.com/support/kb/articles/q166/7/30.asp>

describes the feature added in SP3 that "solved" the c2myazz problem.
Basically, c2myazz intercepts authentication attempts between client and
server, and tells client to "downgrade" its authentication level to
plain-text. This is yet another backwards compatibility feature NT
is/was laden with.

SP3, by default, prevents NT from downgrading to plain-text. Of course
L0phtcrack <http://www.l0pht.com/l0phtcrack/> still can sniff password
hashes off the wire and do its best to convert them into plain-text, but
at least SP3 prevents plain-text from being sent.

This may break communications with some Samba servers btw. The article
above describes how to enable plain-text should you need to do that.

A couple of people mentioned the post-SP3 LM-Fix which allowed you to
specify, for NT boxen, what level you'd allow them to accept...but that
fix has long since been pulled and as yet, not replaced.

A couple of people also mentioned SMB signing. This is another feature
of SP3;

<http://support.microsoft.com/support/kb/articles/q161/3/72.asp>

describes that fully...(remember, its for NT to NT only).

Another poster suggested you have a look at the CIFS documentation
(Common Internet File System) which describes SMB authentication;

<http://www.microsoft.com/workshop/networking/cifs/default.asp>

Contributors:
John M. Alacce <lexicon@cs.cmu.edu>
Dabney, Les <LTDabney@qdi.com>
chey cobb <cobb@iu.net>
Eric Shoup <jamesbnd@postoffice.ptd.net>
gmonaco@unet.net (Monaco, Greg S.)

Cheers,
Russ - NTBugtraq moderator