Microsoft Telnet Server NTLM Mutual Authentication Configuration Issue

Author: hackerhouse-opensource

MsTelnetServer_NTLM_MutualAuth_ConfigIssue.txt

@@ -32,6 +32,13 @@ The server’s SSPI implementation includes:
   mutual authentication and credential delegation, potentially enabling an
   authentication bypass.
 
+MS-TNAP protocol allows clients to specify authentication type and direction through flags:
+ 
+ - AUTH_SERVER_TO_CLIENT: Indicates the server should authenticate to the client, 
+   reversing the typical client-to-server authentication flow.
+ - AUTH_HOW_MUTUAL: Requests mutual authentication, where both client and server 
+   authenticate each other.
+
 A practical attack would require the server to send a Type 1 (NEGOTIATE) message,
 allowing the client to process server credentials via AcceptSecurityContext. We
 updated security.c in a telnet client and attempted this by using