This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
NT LAN Manager Vulnerabilities
NT LAN Manager Vulnerabilities

Version management

Difference between version and

At line 1 added 14 lines
!!! Overview[1]
[NT LAN Manager] [Vulnerabilities|Vulnerability] is a big problem because if you don’t setup [Kerberos] properly the [SPNEGO] negotiation *will* typically fall back to using [NT LAN Manager]([NTLM]) without notifying the user.
If you are not using [SSL]/[TLS] then it might as well be falling back to plain text [authentication]! Sure [NTLM] (the latest version) is *that bad*. There are [rainbow table]s that exist up to 16 characters for [NTLM] but you can download up to 10 characters for free here: [http://project-rainbowcrack.com/table.htm]
At this point, any [NTLM] [hash] derived from a 17-characters-or-less password is considered extremely weak and easily crackable with modern GPU hardware. we know people who have cracked passwords 36 characters long using a single GPU on their home theater box. You can try it yourself with free software here: [https://hashcat.net/oclhashcat/]
FYI: The default Windows [Kerberos] implementation is only marginally better than [NTLM] though because it too does not use a [salt] making password hashes only marginally harder to brute force ([rc4]-[HMAC] algorithm). Even if you enable [AES]-256 in Windows Server 2012 or later, it __still doesn’t use a random [salt]__! So it suffers the same problem: Only marginally better and not strong security at all.
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [The Rope|https://www.gluu.org/blog/spnego-the-rope/|target='_blank'] - based on data observed:2015-05-18
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop