Forwarded From: MJE <markat_private> January 5, 1999 - NTSD - Weld Pond of L0pht Heavy Industries released a security advisory last evening on Bugtraq that reveals insecurities discovered in the Windows 95 and Windows 98 challenge/response mechanism. In summary, it was discovered that the operating systems reuse the challenge issued to a connecting user during the authentication phase, and if that user tries to reconnect during the following 15 minute window of time. As Weld states, "Reusing a challenge is a classic cryptographic mistake." We have no word yet from Microsoft as to how they will address this discovery. For more information, including the relevant links to the Lopht Advisory and Web site, please visit: http://www.ntsecurity.net/scripts/load.asp?iD=/security/win9598-challenge.htm -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:15:03 PDT