arstechnica.com
Microsoft released the insecure NTLMv1 authentication protocol in the 1980s. Cryptanalysts exposed its key weaknesses in 1999, and Microsoft released a secure replacement (NTLMv2) in 1998. Although the protocol has been flawed for decades, Mandiant reports that it remains active in many environments due to organizational inertia.
The protocol is vulnerable to trivial credential theft via rainbow table attacks—tools like Responder and PetitPotam can compromise accounts in seconds. Microsoft only announced plans to deprecate NTLMv1 last year. Security researchers are releasing newer, faster attack tools to help administrators convince decision-makers to disable the protocol. Mandiant urges organizations to immediately disable NTLMv1 to avoid preventable breaches.
