NT Versions Affected:

3.5, 3.51, 4.0


Problem:

A system can be configured to negotiate the SMB dialect down to LanManager v2.0, which prompts the client to send a user's password in cleartext without the user's knowledge.

To connect to a file share or print share, the NT network filesystem (SMB over NetBIOS) requires a cleartext username (a cleartext domain name is optional) and, with the LanManager v2.1 or NTLM v0.12 dialects, an encrypted password.

SMB dialect 2.0 and earlier use plaintext passwords, and an NT system with backwards-compatible SMB dialect support will negotiate down to and connect with these earlier versions of SMB.
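Added example, not part of the advisory: a small Python checker that parses a constructed SMB_COM_NEGOTIATE request/response pair, works out which offered dialect the server selected, and flags exchanges after which the client will send its password in cleartext. The message layouts and the dialect strings assumed here follow the CIFS draft cited under Verification; the check also looks at the reply's SecurityMode encrypt-passwords bit, which goes beyond the dialect-only statement in the text.

```python
import struct
ENCRYPTING_DIALECTS = {"LANMAN2.1", "NT LM 0.12"}  # dialects the advisory says encrypt the password
HDR_LEN = 32
HEADER = b"\xffSMB\x72" + bytes(27)  # constructed header: magic, SMB_COM_NEGOTIATE, rest zeroed

def build_request(dialects):
    """Constructed SMB_COM_NEGOTIATE request: WordCount 0, ByteCount, 0x02-prefixed dialects."""
    body = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    return HEADER + b"\x00" + struct.pack("<H", len(body)) + body

def build_response(word_count, dialect_index, security_mode=0):
    params = struct.pack("<H", dialect_index)
    if word_count == 17:       # NT LM 0.12 layout: SecurityMode is one byte
        params += bytes([security_mode])
    elif word_count == 13:     # LANMAN layouts: SecurityMode is two bytes
        params += struct.pack("<H", security_mode)
    return HEADER + bytes([word_count]) + params.ljust(word_count * 2, b"\x00") + b"\x00\x00"

def parse_request_dialects(pkt):
    """Dialect strings the client offered, in the order the server's DialectIndex counts them."""
    if pkt[:5] != b"\xffSMB\x72":
        raise ValueError("not an SMB_COM_NEGOTIATE message")
    bc_off = HDR_LEN + 1 + pkt[HDR_LEN] * 2
    data = pkt[bc_off + 2 : bc_off + 2 + struct.unpack_from("<H", pkt, bc_off)[0]]
    return [e[1:].decode("ascii") for e in data.split(b"\x00") if e[:1] == b"\x02"]

def parse_response(pkt):
    """(DialectIndex, encrypt-passwords bit) from the server's reply."""
    word_count = pkt[HDR_LEN]
    params = pkt[HDR_LEN + 1 : HDR_LEN + 1 + word_count * 2]
    dialect_index = struct.unpack_from("<H", params, 0)[0]
    # SecurityMode bit 1 = encrypted passwords: one byte in NT LM 0.12 (WordCount 17),
    # two bytes in the LANMAN dialects (WordCount 13), absent in the core dialects.
    sec = params[2] if word_count == 17 else (struct.unpack_from("<H", params, 2)[0] if word_count == 13 else 0)
    return dialect_index, bool(sec & 0x02)

def password_sent_in_cleartext(request, response):
    """(chosen dialect, True if the session setup that follows will carry a plaintext password)."""
    dialects = parse_request_dialects(request)
    index, encrypts = parse_response(response)
    if index == 0xFFFF or index >= len(dialects):   # server accepted none of the offered dialects
        return None, False
    chosen = dialects[index]
    return chosen, chosen not in ENCRYPTING_DIALECTS or not encrypts

# Constructed exchanges: one client offer answered three different ways.
CLIENT_OFFER = build_request(["PC NETWORK PROGRAM 1.0", "LANMAN1.0", "LANMAN2.1", "NT LM 0.12"])
NORMAL = build_response(17, 3, 0x03)          # NT LM 0.12, user-level, encrypted passwords
NO_ENCRYPT_BIT = build_response(17, 3, 0x01)  # NT LM 0.12, but the server cleared the encrypt bit
DOWNGRADED = build_response(1, 0)             # server picks the core dialect: plaintext only
```

Running the checker over a capture and alerting whenever the second element is True gives a simple detection for negotiations that will expose a password on the wire.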


Verification:

ftp://ietf.cnri.reston.va.us/internet-drafts/draft-heizer-cifs-v1-spec-00.txt (search page for '8.5.2')