From 791ee4a58110fc25d5f66e0e21372c766e400bd0 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Mon, 14 Jun 2004 07:28:05 +0000
Subject: r1134: added a TODO regarding schannel credentials (This used to be commit 17dacf494ac25bb6d9f6dea8cb81968ea2b84c55)
---
source4/libcli/auth/credentials.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/source4/libcli/auth/credentials.c b/source4/libcli/auth/credentials.c
index 1d4db74633..60feee7884 100644
--- a/source4/libcli/auth/credentials.c
+++ b/source4/libcli/auth/credentials.c
@@ -270,7 +270,8 @@ BOOL creds_server_step_check(struct creds_CredentialState *creds,
 struct netr_Authenticator *received_authenticator,
 struct netr_Authenticator *return_authenticator)
 {
- /* Should we check that this is increasing? */
+ /* TODO: this may allow the a replay attack on a non-signed
+ connection. Should we check that this is increasing? */
 creds->sequence = received_authenticator->timestamp;
 creds_step(creds);
 if (creds_server_check(creds, &received_authenticator->cred)) {
-- cgit
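Review bot: The new TODO in creds_server_step_check has a typo ("allow the a replay attack") and does not say which value is untrusted, while the line below it, `creds->sequence = received_authenticator->timestamp;`, still stores the peer-supplied timestamp with no comparison against the previous sequence. I would reword the comment to name the input and the missing check, for example `/* TODO: timestamp comes from the client and is accepted as-is; on a non-signed connection this may allow a replay. Reject values that do not increase? */`. Whether a replayed authenticator would actually pass depends on how creds_step() and creds_server_check() derive and advance the credential state, which is not visible in this hunk, so the replay risk should be confirmed there before a monotonicity check is added. The function body continues past the end of the hunk.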