[Ethereal-dev] Bug in packet-http.c: http 'Authorization: Negotiate' parsing error

Yaniv Kaul Mon, 23 Feb 2004 06:41:50 -0800

In check_auth_ntlmssp(), there is an implict assumption that if the value of 'Authorization' is 'Negotiate', it is has to be NTLMSSP authentication. This is wrong. It may be SPNEGO. How about calling this dissector instead of ntlmssp (in dissect_http_ntlmssp) ? See http://bofriis.dk/portalprotect/SPNEGO%20authentication%20using%20JGSS.pdf for more information. Seen on 0.10.1


_______________________________________________
Ethereal-dev mailing list
[EMAIL PROTECTED]
http://www.ethereal.com/mailman/listinfo/ethereal-dev

[Ethereal-dev] Bug in packet-http.c: http 'Authorization: Negotiate' parsing error

Reply via email to