DATE: COMMAND SOURCE: AUTHOR: SMB

SYSTEMS AFFECTED

Win NT 3.5, 3.51, 4.0

PROBLEM

This vulnerability was originally presented on Bill Stout's www.hidata.com pages. A session using NT's dialect of LanManager (SMB NTLM 0.12) can be intercepted during the session_setup_andx phase. The CaseSensitivePassword and CaseInsensitivePassword fields can be copied from the client's intercepted session_setup_andx message and sent to the server. The client can be jammed with a Denial-of-Service attack, and by sending the forged session_setup_andx messages to the server, a session with the client's credentials can be established.

EXPLOIT

SOLUTION

None given.
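
The two password fields named under PROBLEM sit at fixed offsets in the session_setup_andx request, so a monitor can extract them and flag the same pair arriving from more than one source address. This is an added example, not part of the original advisory: it assumes the 13-word request layout of this dialect, and `find_replays`, `build_sample` and the sample addresses and field values are constructed for illustration.

```python
import struct
from collections import defaultdict

SMB_HEADER_LEN = 32                  # fixed SMB header size
SESSION_SETUP_ANDX = 0x73            # SMB command code

def parse_session_setup(msg: bytes):
    """Return (CaseInsensitivePassword, CaseSensitivePassword) from a 13-word
    session_setup_andx request, or None if msg is not one."""
    words = SMB_HEADER_LEN + 1       # parameter words follow WordCount
    if len(msg) < words + 28 or msg[:4] != b"\xffSMB":
        return None
    if msg[4] != SESSION_SETUP_ANDX or msg[SMB_HEADER_LEN] != 13:
        return None                  # other command, or a different layout
    # AndX block (4), MaxBufferSize (2), MaxMpxCount (2), VcNumber (2) and
    # SessionKey (4) precede the two password length fields.
    ci_len, cs_len = struct.unpack_from("<HH", msg, words + 14)
    (byte_count,) = struct.unpack_from("<H", msg, words + 26)
    data = words + 28
    if ci_len + cs_len > byte_count or data + byte_count > len(msg):
        return None                  # lengths point outside the message
    return msg[data:data + ci_len], msg[data + ci_len:data + ci_len + cs_len]

def find_replays(captured):
    """captured: iterable of (source_address, raw SMB message).
    Returns {(ci, cs): [sources]} for password fields seen from >1 source."""
    seen = defaultdict(set)
    for src, msg in captured:
        fields = parse_session_setup(msg)
        # Assumption: real responses are 24 bytes or longer; skip placeholders.
        if fields and max(len(fields[0]), len(fields[1])) >= 24:
            seen[fields].add(src)
    return {f: sorted(s) for f, s in seen.items() if len(s) > 1}

def build_sample(ci: bytes, cs: bytes) -> bytes:
    """Build a constructed request for testing (not captured traffic)."""
    header = b"\xffSMB" + bytes([SESSION_SETUP_ANDX]) + bytes(27)
    words = struct.pack("<BBHHHHIHHII", 0xFF, 0, 0, 4356, 50, 0, 0,
                        len(ci), len(cs), 0, 0)
    data = ci + cs + b"USER\x00DOMAIN\x00"
    return header + bytes([13]) + words + struct.pack("<H", len(data)) + data

CI, CS = bytes(range(24)), bytes(range(100, 124))    # constructed values
SAMPLE = [("10.0.0.5", build_sample(CI, CS)),
          ("10.0.0.9", build_sample(CI, CS)),         # same fields, new source
          ("10.0.0.7", build_sample(b"\x07" * 24, b"\x09" * 24))]

if __name__ == "__main__":
    for (ci, cs), sources in find_replays(SAMPLE).items():
        print("identical password fields from", sources, ci.hex(), cs.hex())
```

The check assumes the capture point records the true source address of each message.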