  1. Senior Member teancum144's Avatar
    Join Date
    Jun 2012
    Location
    Pacific Northwest, USA
    Posts
    227

    Certifications
    CISSP, CISA, CPA (inactive), Network+, Security+
    #1

    Default NTLM Backward Compatibility Security Issues

    Darril Gibson's book indicates that, "While NTLMv1 and NTLMv2 provide improvements over LANMAN, a significant vulnerability exists in systems before Windows Vista ... LANMAN is still enabled by default on older systems. When it is enabled, these systems use the LANMAN hash for backward compatibility, in addition to the more secure NTLMv2."

    When it says, "in addition to the more secure NTLMv2", does it mean "instead of" or that somehow both are used simultaneously?

  2. Registered Member Darril's Avatar
    Join Date
    May 2009
    Location
    Virginia Beach, VA
    Posts
    1,569

    Certifications
    MCT, A+, Net+, Security+, CASP, SSCP, CISSP, MCSE, MCITP...
    #2
    Both are used simultaneously unless LANMAN is disabled.

    From a security perspective, an important point that administrators must consider is that just because NTLMv2 is enabled, it doesn't necessarily mean that LANMAN is disabled and passwords can be easily discovered.

    It's an old issue, but there are still a lot of Windows XP systems operating. Then again, even in newer systems running NTLMv2, if an attacker has unrestricted access to the database, it's just a matter of time before they can discover the passwords.

    Hope this helps.
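The point made in reply #2, that NTLMv2 being in use does not mean LANMAN is disabled, can be checked on a host by reading the two LSA registry values separately. This is an added example, not part of either post; `Test-LanmanExposure` is a hypothetical helper name, and the sample hashtable is constructed.

```powershell
# Added example: audit the two LSA settings that decide whether LANMAN is still in play.
# Test-LanmanExposure is a hypothetical helper name, not a built-in cmdlet.
function Test-LanmanExposure {
    param(
        # Hashtable of LSA values; the live registry is read when this is omitted.
        [hashtable]$Lsa
    )
    if (-not $PSBoundParameters.ContainsKey('Lsa')) {
        $props = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
        $Lsa = @{
            NoLMHash             = $props.NoLMHash
            LmCompatibilityLevel = $props.LmCompatibilityLevel
        }
    }
    $findings = @()

    # NoLMHash = 1 stops Windows from storing an LM hash at the next password change.
    # Hashes stored earlier remain until each account's password is changed.
    if ($Lsa.NoLMHash -ne 1) {
        $findings += 'LM hash storage is not explicitly disabled (NoLMHash is not 1).'
    }

    # LmCompatibilityLevel: 0-1 send LM responses, 2 sends NTLMv1 only, 3+ send NTLMv2 only.
    $level = $Lsa.LmCompatibilityLevel
    if ($null -eq $level) {
        $findings += 'LmCompatibilityLevel is not set; the OS default applies.'
    } elseif ($level -lt 3) {
        $findings += "LmCompatibilityLevel is $level; LM or NTLMv1 responses may be sent."
    }

    [pscustomobject]@{
        NoLMHash             = $Lsa.NoLMHash
        LmCompatibilityLevel = $level
        LanmanExposed        = ($findings.Count -gt 0)
        Findings             = $findings
    }
}

# Constructed sample: NTLMv2-only on the wire, yet LM hash storage is not disabled.
Test-LanmanExposure -Lsa @{ NoLMHash = 0; LmCompatibilityLevel = 3 }

# Live check on the local machine.
Test-LanmanExposure
```

The constructed sample is flagged even though its authentication level is NTLMv2-only, which is the case the reply warns about.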
