NT LAN Manager Vulnerabilities


NT LAN Manager (NTLM) vulnerabilities are a big problem because, if you don’t set up Kerberos properly, the SPNEGO negotiation *will* typically fall back to NTLM without notifying the user.

If you are not using SSL/TLS, it might as well be falling back to plain-text authentication! Yes, NTLM (even the latest version) is *that bad*. Rainbow tables for NTLM exist for passwords up to 16 characters, and tables covering up to 10 characters can be downloaded for free here: http://project-rainbowcrack.com/table.htm

At this point, any NTLM hash derived from a password of 17 characters or less is considered extremely weak and easily crackable with modern GPU hardware. We know people who have cracked 36-character passwords using a single GPU in their home theater box. You can try it yourself with free software here: https://hashcat.net/oclhashcat/

FYI: The default Windows Kerberos implementation is only marginally better than NTLM, because its RC4-HMAC encryption type does not use a salt either, which makes the password-derived keys only marginally harder to brute force. Even if you enable AES-256 on Windows Server 2012 or later, the key derivation still doesn’t use a random salt! So it suffers the same problem: only marginally better, and not strong security at all.

More Information

There might be more information for this subject on one of the following: