On Sun, Nov 2, 2014 at 4:05 PM, Nex6|Bill <n6gh...@yahoo.com> wrote: > I know, that “pass the hash” is now getting a lot of playtime on windows. and > I have heard in a couple of talks > that its directly related to “SSO” part of the OS, and may be part of posix?
Nope. It's just a bad (as in, completely broken) design for the NTLM and LanMan authentication protocols. > is OpenBSD, or BSD in general vulnerable to these style attacks? The vulnerability is the authentication protocol/method, independent the operating system. If you used NTLM or LanMan password authentication on OpenBSD, you would be vulnerable. You would also have to be insane. > or just the normal unix dump the password /etc/passwd table for offline > attacks sorts of > stuff? For the authentication methods in base, correct. Philip Guenther