diff options
| -rw-r--r-- | source3/auth/auth_sam.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 9a619f81f6..cb88014e98 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -98,9 +98,10 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB ntv2_response, return False; } - if (ntv2_response.length < 16) { + if (ntv2_response.length < 24) { /* We MUST have more than 16 bytes, or the stuff below will go - crazy... */ + crazy. No known implementation sends less than the 24 bytes + for LMv2, let alone NTLMv2. */ DEBUG(0, ("smb_pwd_check_ntlmv2: incorrect password length (%d)\n", ntv2_response.length)); return False; |