COMMAND
0.12 encrypted handshake intercept
SYSTEMS AFFECTED
Win NT 3.5, 3.51, 4.0
PROBLEM
This vulnerability was originally presented on Bill Stout's
www.hidata.com pages.
NT's dialect of LanManager (SMB NTLM 0.12) can be intercepted
during the session_setup_andx phase.
The CaseSensitivePassword and CaseInsensitivePassword fields can
be copied from the intercepted session_setup_andx message from the
client, and sent to the server. The client can be jammed with a
Denial-of-Service attack, and by sending the forged
session_setup_andx messages to the server, a session with the
client's credentials can be established.
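The weakness above is that the two password fields are opaque blobs the server accepts from whoever delivers them. A server-side or sensor-side check that catches the described forgery is to notice when a byte-identical (account, CaseInsensitivePassword, CaseSensitivePassword) triple arrives from a second client address. The following Python is an added example written for this page, not code from the advisory or from Microsoft: it assumes the WordCount=13 session_setup_andx request layout of the NT LM 0.12 dialect (AndX fields, buffer sizes, VcNumber, SessionKey, the two password lengths, Reserved, Capabilities, then ByteCount and the data block), builds a constructed sample message for offline testing, parses the password fields back out, and flags the replay pattern.

```python
import struct
from collections import defaultdict

SMB_COM_SESSION_SETUP_ANDX = 0x73   # SMB1 command code for SESSION_SETUP_ANDX
SMB_HEADER_LEN = 32                 # fixed SMB1 header size
WORDS_FMT = "<BBHHHHIHHII"          # the 13 parameter words, little-endian, 26 bytes


def build_session_setup_andx(account: bytes, domain: bytes,
                             ci_password: bytes, cs_password: bytes) -> bytes:
    """Assemble a minimal NT LM 0.12 SESSION_SETUP_ANDX request.
    Constructed test input only; not a full SMB implementation."""
    header = (b"\xffSMB" + bytes([SMB_COM_SESSION_SETUP_ANDX])
              + b"\x00" * 4       # Status
              + b"\x18"           # Flags
              + b"\x00\x00"       # Flags2 (UNICODE unset, so strings are ASCII)
              + b"\x00\x00"       # PIDHigh
              + b"\x00" * 8       # SecurityFeatures
              + b"\x00\x00"       # Reserved
              + b"\x00\x00"       # TID
              + b"\x34\x12"       # PIDLow (arbitrary constructed value)
              + b"\x00\x00"       # UID (none yet; this request establishes it)
              + b"\x01\x00")      # MID
    words = struct.pack(WORDS_FMT,
                        0xFF, 0, 0,        # AndXCommand (none), AndXReserved, AndXOffset
                        4356, 2, 0,        # MaxBufferSize, MaxMpxCount, VcNumber
                        0,                 # SessionKey
                        len(ci_password), len(cs_password),
                        0, 0)              # Reserved, Capabilities
    data = (ci_password + cs_password
            + account + b"\x00" + domain + b"\x00"
            + b"Windows NT\x00" + b"NT LAN Manager\x00")
    return header + bytes([13]) + words + struct.pack("<H", len(data)) + data


def parse_session_setup_andx(msg: bytes) -> dict:
    """Extract account, domain and both password fields from the request.
    Length fields are validated against the buffer before slicing."""
    if len(msg) < SMB_HEADER_LEN + 1 or msg[:4] != b"\xffSMB":
        raise ValueError("not an SMB1 message")
    if msg[4] != SMB_COM_SESSION_SETUP_ANDX:
        raise ValueError("not a SESSION_SETUP_ANDX request")
    pos = SMB_HEADER_LEN
    word_count = msg[pos]
    pos += 1
    if word_count != 13:
        raise ValueError("unsupported WordCount %d" % word_count)
    if len(msg) < pos + struct.calcsize(WORDS_FMT) + 2:
        raise ValueError("truncated parameter block")
    fields = struct.unpack_from(WORDS_FMT, msg, pos)
    ci_len, cs_len = fields[7], fields[8]
    pos += struct.calcsize(WORDS_FMT)
    byte_count = struct.unpack_from("<H", msg, pos)[0]
    pos += 2
    data = msg[pos:pos + byte_count]
    if len(data) < byte_count or len(data) < ci_len + cs_len:
        raise ValueError("truncated data block")
    ci = data[:ci_len]
    cs = data[ci_len:ci_len + cs_len]
    rest = data[ci_len + cs_len:]
    account, _, rest = rest.partition(b"\x00")
    domain, _, _ = rest.partition(b"\x00")
    return {"account": account, "domain": domain,
            "ci_password": ci, "cs_password": cs}


class ReplayDetector:
    """Flags a SESSION_SETUP_ANDX whose password fields are byte-identical to
    ones already seen from a different client address. The responses are
    derived from the per-connection challenge, so an exact repeat arriving
    from another host matches the copy-and-resend pattern described above.
    A retransmit from the same address is not flagged."""

    def __init__(self):
        self._seen = defaultdict(set)   # (account, ci, cs) -> {source addresses}

    def observe(self, src_addr: str, msg: bytes) -> bool:
        f = parse_session_setup_andx(msg)
        key = (f["account"], f["ci_password"], f["cs_password"])
        others = self._seen[key] - {src_addr}
        self._seen[key].add(src_addr)
        return bool(others)


if __name__ == "__main__":
    # Constructed sample: 24-byte dummy response blobs, not real hashes.
    sample = build_session_setup_andx(b"alice", b"CORP", b"\x11" * 24, b"\x22" * 24)
    det = ReplayDetector()
    print(det.observe("10.0.0.5", sample))    # False: first sighting
    print(det.observe("10.0.0.99", sample))   # True: same blobs, other host
```

The detector keys on exact bytes, so it only sees the case the advisory describes (the fields copied verbatim); it says nothing about whether the responses themselves are strong, and it should be paired with the vendor fix rather than relied on alone.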
SOLUTION
Check with Microsoft for a fix.