Project

General

Profile

Bug #36108

GUI fails to warn user that NTLMv1 is insecure

Added by Sean McBride almost 3 years ago. Updated almost 3 years ago.

Status:
Closed
Priority:
No priority
Assignee:
Release Council
Category:
GUI (new)
Target version:
Seen in:
Severity:
New
Reason for Closing:
Duplicate Issue
Reason for Blocked:
Needs QA:
Yes
Needs Doc:
Yes
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

The GUI currently says about the option: 'This parameter determines whether or not smbd(8) will attempt toauthenticate users using the NTLMv1 encrypted password response'

Which makes it sound innocuous especially by saying "encrypted", but NTLMv1 is in fact broken/insecure and the encryption is worthless.

I submitted a patch here:

https://github.com/freenas/freenas/pull/1343


Related issues

Is duplicate of FreeNAS - Bug #36103: Fix typo and lack of clarity in NTLMv1 warningDone

History

#1 Updated by Dru Lavigne almost 3 years ago

  • Is duplicate of Bug #36103: Fix typo and lack of clarity in NTLMv1 warning added

#2 Updated by Dru Lavigne almost 3 years ago

  • Status changed from Unscreened to Closed
  • Target version changed from Backlog to N/A
  • Reason for Closing set to Duplicate Issue

Also available in: Atom PDF