Bug 15412 - anonymous smb3 signing/encryption should be allowed (similar to Windows Server 2022)
Summary: anonymous smb3 signing/encryption should be allowed (similar to Windows Serve...
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: 4.18.3
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Stefan Metzmacher
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-07-03 13:01 UTC by Stefan Metzmacher
Modified: 2023-12-08 11:19 UTC (History)
4 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Metzmacher 2023-07-03 13:01:34 UTC
I have captures where a client tries smb3 encryption on an anonymous session,
we used to allow that before the fixes for https://bugzilla.samba.org/show_bug.cgi?id=14512 / commit da7dcc443f45d07d9963df9daae458fbdd991a47

It changed with samba-4.15.0rc1

Testing against Windows Server 2022 revealed that anonymous signing is always
allowed (with the session key derived from 16 zero bytes) and
anonymous encryption is allowed after one authenticated session setup on
the tcp connection.