[MS-NLMP]: NT LAN Manager (NTLM) Authentication Protocol

This topic lists the Errata found in [MS-NLMP] since it was last published. Since this topic is updated frequently, we recommend that you subscribe to these RSS or Atom feeds to receive update notifications.

Errata are subject to the same terms as the Open Specifications documentation referenced.

To view a PDF file of the errata for the previous versions of this document, see the following ERRATA Archives:

October 16, 2015 - Download

June 30, 2015 - Download

July 18, 2016 - Download

September 23, 2019 - Download

September 29, 2020 - Download

Errata below are for Protocol Document Version V34.0 – 2021/06/25.

Errata Published*: 2022/02/08

Description:

The following sections were changed. Please see the diff document for the details.

In section 2.2.1.1 NEGOTIATE_MESSAGE, added a requirement that the VERSION structure be set to all-zero when the NTLMSSP_NEGOTIATE_VERSION flag is not set.

Changed from:

Version (8 bytes): A VERSION structure (as defined in section 2.2.2.10) that is populated only when the NTLMSSP_NEGOTIATE_VERSION flag is set in the NegotiateFlags field. This structure SHOULD<6> be used for debugging purposes only. In normal (nondebugging) protocol messages, it is ignored and does not affect the NTLM message processing

Changed to:

Version (8 bytes): A VERSION structure (as defined in section 2.2.2.10) that is populated only when the NTLMSSP_NEGOTIATE_VERSION flag is set in the NegotiateFlags field, otherwise it MUST be set to all-zero. This structure SHOULD<6> be used for debugging purposes only. In normal (nondebugging) protocol messages, it is ignored and does not affect the NTLM message processing

In section 2.2.1.2 CHALLENGE_MESSAGE, added a requirement that the VERSION structure be set to all-zero when the NTLMSSP_NEGOTIATE_VERSION flag is not set.

Changed from:

Version (8 bytes): A VERSION structure (as defined in section 2.2.2.10) that SHOULD<9> be populated only when the NTLMSSP_NEGOTIATE_VERSION flag is set in the NegotiateFlags field. This structure is used for debugging purposes only. In normal (non-debugging) protocol messages, it is ignored and does not affect the NTLM message processing.

Changed to:

Version (8 bytes): A VERSION structure (as defined in section 2.2.2.10) that SHOULD<9> be populated only when the NTLMSSP_NEGOTIATE_VERSION flag is set in the NegotiateFlags field, otherwise it MUST be set to all-zero. This structure is used for debugging purposes only. In normal (non-debugging) protocol messages, it is ignored and does not affect the NTLM message processing.

In section 2.2.1.3 AUTHENTICATE_MESSAGE, added a requirement that the VERSION structure be set to all-zero when the NTLMSSP_NEGOTIATE_VERSION flag is not set.

Changed from:

Version (8 bytes): A VERSION structure (section 2.2.2.10) that is populated only when the NTLMSSP_NEGOTIATE_VERSION flag is set in the NegotiateFlags field. This structure is used for debugging purposes only. In normal protocol messages, it is ignored and does not affect the NTLM message processing.<11>

Changed to:

Version (8 bytes): A VERSION structure (section 2.2.2.10) that SHOULD be populated only when the NTLMSSP_NEGOTIATE_VERSION flag is set in the NegotiateFlags field, otherwise it MUST be set to all-zero. This structure is used for debugging purposes only. In normal protocol messages, it is ignored and does not affect the NTLM message processing.<11>

In section 2.2.2.10 VERSION, added a requirement that the VERSION structure be set to all-zero when NTLMSSP_NEGOTIATE_VERSION is not negotiated.

Changed from:

The VERSION structure contains operating system version information that SHOULD<31> be ignored. This structure is used for debugging purposes only and its value does not affect NTLM message processing. It is populated in the NEGOTIATE_MESSAGE, CHALLENGE_MESSAGE, and AUTHENTICATE_MESSAGE messages only if NTLMSSP_NEGOTIATE_VERSION is negotiated.<32>

Changed to:

The VERSION structure contains operating system version information that SHOULD<31> be ignored. This structure is used for debugging purposes only and its value does not affect NTLM message processing. It is populated in the NEGOTIATE_MESSAGE, CHALLENGE_MESSAGE, and AUTHENTICATE_MESSAGE messages only if NTLMSSP_NEGOTIATE_VERSION is negotiated, otherwise it MUST be set to all-zero.<32>

In section 3.1.5.1.1 Client Initiates the NEGOTIATE_MESSAGE, added a requirement that the Version field be set to all-zero when the NTLMSSP_NEGOTIATE_VERSION flag is not set by the client application.

Changed from:

If the NTLMSSP_NEGOTIATE_VERSION flag is set by the client application, the Version field MUST be set to the current version (section 2.2.2.10), the DomainName field MUST be set to a zero-length string, and the Workstation field MUST be set to a zero-length string.

Changed to:

If the NTLMSSP_NEGOTIATE_VERSION flag is set by the client application, the Version field MUST be set to the current version (section 2.2.2.10), the DomainName field MUST be set to a zero-length string, and the Workstation field MUST be set to a zero-length string. If the NTLMSSP_NEGOTIATE_VERSION flag is not set by the client application, the Version field MUST be set to all-zero.

In section 3.1.5.1.2 Client Receives a CHALLENGE_MESSAGE from the Server, added a requirement that the Version field be set to all-zero when the NTLMSSP_NEGOTIATE_VERSION flag is not set by the client application.

Changed from:

If the NTLMSSP_NEGOTIATE_VERSION flag is set by the client application, the Version field MUST be set to the current version (section 2.2.2.10), and the Workstation field MUST be set to NbMachineName.

Changed to:

If the NTLMSSP_NEGOTIATE_VERSION flag is set by the client application, the Version field MUST be set to the current version (section 2.2.2.10), and the Workstation field MUST be set to NbMachineName. Otherwise, if the NTLMSSP_NEGOTIATE_VERSION flag is not set by the client application the Version field MUST be set to all-zero.

*Date format: YYYY/MM/DD
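
A conformance check for the rule these errata add, written as an added example (not code from the specification or from Microsoft): it reads NegotiateFlags and the 8-byte Version field from a raw NTLM message and reports a non-zero Version when NTLMSSP_NEGOTIATE_VERSION is clear. The function names and result strings are hypothetical, and the field offsets and flag value are assumptions taken from the MS-NLMP message layouts rather than from this errata page. Messages too short to carry a Version field, or whose payload starts inside it, are reported separately instead of being flagged.

```python
import struct

# Field offsets and the flag value come from the MS-NLMP message layouts
# (sections 2.2.1.1-2.2.1.3); they are not stated on this errata page.
NTLMSSP_NEGOTIATE_VERSION = 0x02000000
SIGNATURE = b"NTLMSSP\x00"
# MessageType -> (NegotiateFlags offset, Version offset, payload descriptor offsets)
LAYOUT = {
    1: (12, 32, (16, 24)),                  # NEGOTIATE_MESSAGE
    2: (20, 48, (12, 40)),                  # CHALLENGE_MESSAGE
    3: (60, 64, (12, 20, 28, 36, 44, 52)),  # AUTHENTICATE_MESSAGE
}

def check_version_field(msg: bytes) -> str:
    """Classify the Version field of one raw NTLM message (hypothetical helper)."""
    if len(msg) < 12 or msg[:8] != SIGNATURE:
        return "not-ntlmssp"
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type not in LAYOUT:
        return "unknown-type"
    flags_off, ver_off, descriptors = LAYOUT[msg_type]
    ver_end = ver_off + 8
    if len(msg) < ver_end:
        return "no-version-field"       # too short to carry a Version field
    for d in descriptors:
        length, _max_len, buf_off = struct.unpack_from("<HHI", msg, d)
        if length and buf_off < ver_end:
            return "no-version-field"   # payload occupies the Version bytes
    (flags,) = struct.unpack_from("<I", msg, flags_off)
    version = msg[ver_off:ver_end]
    if flags & NTLMSSP_NEGOTIATE_VERSION:
        return "version-negotiated"     # field may be populated
    return "ok-all-zero" if version == bytes(8) else "nonzero-without-flag"

def sample_negotiate(flags: int, version: bytes) -> bytes:
    """Constructed NEGOTIATE_MESSAGE with empty DomainName and Workstation fields."""
    empty = struct.pack("<HHI", 0, 0, 40)
    return SIGNATURE + struct.pack("<II", 1, flags) + empty * 2 + version

if __name__ == "__main__":
    populated = bytes.fromhex("0a00614a0000000f")  # constructed Version bytes
    for flags, ver in ((0, bytes(8)), (0, populated),
                       (NTLMSSP_NEGOTIATE_VERSION, populated)):
        print(hex(flags), ver.hex(), check_version_field(sample_negotiate(flags, ver)))
```
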