The Samba-Bugzilla – Bug 11300
Use of NONCEs in crypto functions is not properly constrained
Last modified: 2016-05-24 12:37:37 UTC
The current AEAD crypto primitives we have access to and use (AES-128-CCM and
AES-128-GCM) fail catastrophically if a nonce is ever reused with
the same key.
Appropriate measures need to be added to prevent nonce wrapping/reuse.
Do not push the patch that went into master. It breaks non-encrypted SMB3.0.
(Found at plugfest by codenomicon).
This is fixed in current releases.
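The kind of guard the report asks for, as an added example (not Samba's patch and not code from this bug): a per-key nonce counter that fails closed instead of wrapping. The names `nonce_state`, `nonce_rekey` and `nonce_next` are hypothetical, and the 16-byte field holding an 11-byte (CCM) or 12-byte (GCM) nonce is an assumption taken from the SMB3 transform header layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NONCE_FIELD_LEN 16 /* assumed size of the on-wire nonce field */

enum nonce_rc { NONCE_OK = 0, NONCE_EXHAUSTED = -1, NONCE_BAD_LEN = -2 };

/* Hypothetical per-key state; reset only when a new key is installed. */
struct nonce_state {
    uint8_t  prefix[4]; /* fixed for the lifetime of the key */
    uint64_t next;      /* next counter value to hand out */
    uint64_t limit;     /* number of nonces allowed under this key */
};

/* Call once per NEW key, never to "refill" the budget of an existing key. */
void nonce_rekey(struct nonce_state *st, const uint8_t prefix[4], uint64_t limit)
{
    memcpy(st->prefix, prefix, sizeof(st->prefix));
    st->next = 0;
    st->limit = limit;
}

/*
 * Write a unique nonce of nonce_len bytes (11 for CCM, 12 for GCM) into out,
 * zero-padded to the field size. Once the budget is spent this fails closed,
 * so the counter can never wrap back to a value already used with the key.
 */
int nonce_next(struct nonce_state *st, uint8_t out[NONCE_FIELD_LEN], size_t nonce_len)
{
    size_t i;

    if (nonce_len != 11 && nonce_len != 12) {
        return NONCE_BAD_LEN;
    }
    if (st->next >= st->limit) {
        return NONCE_EXHAUSTED; /* caller must rekey or drop the session */
    }
    memset(out, 0, NONCE_FIELD_LEN);
    for (i = 0; i < 8; i++) { /* 64-bit counter, little-endian */
        out[i] = (uint8_t)(st->next >> (8 * i));
    }
    memcpy(out + 8, st->prefix, nonce_len - 8); /* 3 or 4 prefix bytes */
    st->next++; /* cannot overflow: next < limit <= UINT64_MAX */
    return NONCE_OK;
}
```

The sender has to treat `NONCE_EXHAUSTED` as a hard stop for that key and must not fall back to sending with a repeated nonce.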