NTLM 100 Percent Broken Using Hashes Derived from Captures

Slashdot

+ - NTLM 100 Percent Broken Using Hashes Derived from Captures-> 0

Submitted by uCallHimDrJ0NES on Tuesday January 08, 2013 @02:24PM

uCallHimDrJ0NES writes "Security researcher Mark Gamache has used Moxie Marlinspike's Cloudcracker to derive hashes from captured NTLM handshakes, resulting in successful pass-the-hash attacks. It's been going on for a long time, probably, but this is the first time a "white hat" has researched and exposed the how-to details for us all to enjoy. Microsoft has posted a little guidance for those who need to turn off NTLM: http://support.microsoft.com/kb/2793313. Have fun explaining your new security project to your management, server admins!"
Link to Original Source

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

NTLM 100 Percent Broken Using Hashes Derived from Captures

Load All Comments

Search 0 Comments Log In/Create an Account

Comments Filter:

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Never invest your money in anything that eats or needs repainting. -- Billy Rose

NTLM 100 Percent Broken Using Hashes Derived from Captures More Login

NTLM 100 Percent Broken Using Hashes Derived from Captures