Mandiant releases rainbow table that cracks weak admin password in 12 hours
Briefly

"Microsoft released NTLMv1 in the 1980s with the release of OS/2. In 1999, cryptanalyst Bruce Schneier and Mudge published research that exposed key weaknesses in the NTLMv1 underpinnings. At the 2012 Defcon 20 conference, researchers released a tool set that allowed attackers to move from untrusted network guest to admin in 60 seconds, by attacking the underlying weakness. With the 1998 release of Windows NT SP4 in 1998, Microsoft introduced NTLMv2, which fixed the weakness."
"Organizations that rely on Windows networking aren't the only laggards. Microsoft only announced plans to deprecate NTLMv1 last August. Despite the public awareness that NTLMv1 is weak, 'Mandiant consultants continue to identify its use in active environments,' the company said. 'This legacy protocol leaves organizations vulnerable to trivial credential theft, yet it remains prevalent due to inertia and a lack of demonstrated immediate risk.'"
"'I've had more than one instance in my (admittedly short) infosec career where I've had to prove the weakness of a system and it usually involves me dropping a sheet of paper on their desk with their password on it the next morning,' one person said. 'These rainbow tables aren't going to mean much for attackers as they've likely already got them or have far better methods, but where it will help is in making the arg"
NTLMv1 was introduced in the 1980s for OS/2 and contains fundamental cryptographic weaknesses that were exposed in 1999. Exploit tool sets demonstrated at Defcon 2012 enabled attackers to escalate from untrusted guest to admin in about 60 seconds by leveraging those weaknesses. Microsoft released NTLMv2 with Windows NT SP4 in 1998 to address the issue, but NTLMv1 remains in use and was only recently targeted for deprecation. Precomputed tables built for the known plaintext challenge 1122334455667788 allow attackers to look up captured Net-NTLMv1 responses and rapidly crack credentials. Tools such as Responder, PetitPotam, and DFSCoerce commonly facilitate these attacks, and administrators see rainbow tables as evidence to justify migration investments.
Read at Ars Technica
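The tables only apply when the server challenge is the fixed value 1122334455667788, whereas a legitimate server issues a random 8-byte challenge, so a defender can flag any host that sends the fixed one. The following is an added detection example, not code from the article or from Mandiant; it assumes challenges were captured as HTTP `WWW-Authenticate: NTLM` header values, and the addresses, helper names and sample messages are constructed for illustration.

```python
import base64
import struct
from typing import Iterable, List, Optional, Tuple

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
CHALLENGE_MESSAGE = 2  # MessageType of the server's challenge (Type 2)
# Fixed challenge named in the article; the tables are precomputed for it.
STATIC_CHALLENGE = bytes.fromhex("1122334455667788")


def parse_server_challenge(blob: bytes) -> Optional[bytes]:
    """Return the 8-byte ServerChallenge of an NTLM CHALLENGE_MESSAGE, else None."""
    # MS-NLMP layout: Signature(8) MessageType(4) TargetNameFields(8)
    # NegotiateFlags(4) ServerChallenge(8) at offset 24.
    if len(blob) < 32 or not blob.startswith(NTLMSSP_SIGNATURE):
        return None
    (msg_type,) = struct.unpack_from("<I", blob, 8)
    return blob[24:32] if msg_type == CHALLENGE_MESSAGE else None


def challenge_from_header(value: str) -> Optional[bytes]:
    """Extract the challenge from a 'WWW-Authenticate: NTLM <base64>' value."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token:
        return None
    try:
        return parse_server_challenge(base64.b64decode(token, validate=True))
    except ValueError:  # binascii.Error subclasses ValueError
        return None


def flag_static_challenges(obs: Iterable[Tuple[str, str]]) -> List[str]:
    """Return the servers whose challenge equals the fixed, table-friendly value."""
    return [srv for srv, hdr in obs if challenge_from_header(hdr) == STATIC_CHALLENGE]


def _sample_header(challenge: bytes, msg_type: int = CHALLENGE_MESSAGE) -> str:
    """Build a constructed, minimal NTLM message wrapped as an HTTP header value."""
    blob = (NTLMSSP_SIGNATURE + struct.pack("<IHHII", msg_type, 0, 0, 40, 0x201)
            + challenge + bytes(8))
    return "NTLM " + base64.b64encode(blob).decode()


# Constructed observations: (server address, header value seen from it).
SAMPLE = [
    ("10.0.0.5", _sample_header(bytes.fromhex("a3f19c0e5b7d2246"))),
    ("10.0.0.9", _sample_header(STATIC_CHALLENGE)),
    ("10.0.0.7", "NTLM not-base64!"),
]

if __name__ == "__main__":
    print(flag_static_challenges(SAMPLE))
```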